In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
References
| Link | Resource |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf | Third Party Advisory |
| https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf | Mitigation Vendor Advisory |
| https://www.wibu.com/us/support/security-advisories.html | Vendor Advisory |
Advertisement
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
|
Information
Published : 2021-11-14 13:15
Updated : 2021-11-17 10:49
NVD link : CVE-2021-41057
Mitre link : CVE-2021-41057
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Advertisement
Products Affected
microsoft
- windows
siemens
- pss_e
- simatic_pcs_neo
- pss_odms
- pss_cape
- simatic_wincc_oa
- simit
- simatic_process_historian
- sicam_230
- simatic_information_server
wibu
- codemeter_runtime