Siemens Buffer Over-Read in Wibu-Systems CodeMeter Runtime (CVE-2021-20093)

Critical | Tenable OT Security Plugin ID 500706

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Wibu-Systems recommends the following mitigations:

- Update to Version 7.21a or later.

CVE-2021-20093:

- Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost, an attack is no longer possible via a remote network connection. The network server is disabled by default.
- If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port can reduce the risk.

CVE-2021-20094:

- The CmWAN server is disabled by default. Check if CmWAN is enabled and disable the feature if it is not needed.
- Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users.
- The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.

For more information on this issue, please see Wibu security advisories: WIBU-210423-01, WIBU-210423-02

For more information on products dependent on the affected CodeMeter see the following vendor security advisories. As new instances are discovered/reported, they will be added to this list:

- Siemens: SSA-675303

See Also

http://www.nessus.org/u?70853191

https://www.tenable.com/security/research/tra-2021-24

https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf

https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02

Plugin Details

Severity: Critical

ID: 500706

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 11/7/2022

Updated: 10/19/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2021-20093

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:sicam_230_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/16/2021

Vulnerability Publication Date: 6/16/2021

Reference Information

CVE: CVE-2021-20093

CWE: 125