Detections
Analytics

Siemens Buffer Over-Read in Wibu-Systems CodeMeter Runtime (CVE-2021-20094)

high Tenable OT Security Plugin ID 500842

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Wibu-Systems recommends the following mitigations:

- Update to Version 7.21a or later.

CVE-2021-20093:

- Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost an attack is no longer possible via remote network connection. The network server is disabled by default.
- If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port can reduce the risk.

CVE-2021-20094:

- The CmWAN server is disabled by default. Check if CmWAN is enabled and disable the feature if it is not needed.
- Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users.
- The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.

For more information on this issue, please see Wibu security advisories: WIBU-210423-01, WIBU-210423-02

For more information on products dependent on the affected CodeMeter see the following vendor security advisories. As new instances are discovered/reported, they will be added to this list:

- Siemens: SSA-675303

See Also

http://www.nessus.org/u?f840f04c

https://www.tenable.com/security/research/tra-2021-24

https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf

https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02

Plugin Details

Severity: High

ID: 500842

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 2/28/2023

Updated: 10/19/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-20094

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:sicam_230_firmware:-

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/16/2021

Vulnerability Publication Date: 6/16/2021

Reference Information

CVE: CVE-2021-20094

CWE: 125