Unrated severity · NVD Advisory · Published Sep 13, 2023 · Updated Aug 27, 2025

Wibu: Buffer Overflow in CodeMeter Runtime

CVE-2023-3935

Description

A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Heap buffer overflow in Wibu CodeMeter Runtime network service (≤7.60b) allows unauthenticated remote RCE and full host compromise.

Vulnerability

A heap buffer overflow vulnerability exists in the Wibu CodeMeter Runtime network service in versions up to 7.60b. The flaw resides in the network service component when processing specially crafted network packets. Affected products include those from Trumpf (e.g., CAD/CAM software using TRUMPF License Expert) and Phoenix Contact devices that use CodeMeter Runtime in server mode. Devices using CodeMeter embedded are not affected [1][2].

Exploitation

An unauthenticated, remote attacker can exploit this vulnerability by sending a crafted network request to the CodeMeter Runtime service. No user interaction or prior authentication is required. The attack is network-based and does not require any special privileges [1][2].

Impact

Successful exploitation allows an attacker to achieve remote code execution (RCE) and gain full access to the host system. In server mode, the attacker can fully compromise the server. In non-networked workstation mode, exploitation leads to privilege escalation and full administrative access on the workstation [1][2].

Mitigation

Wibu-Systems has released a fixed version of CodeMeter Runtime; users should update to the latest version. For Trumpf products, a new version of TRUMPF License Expert that fixes this vulnerability is available. Phoenix Contact also recommends updating affected products. As a workaround, Trumpf notes that machines with a correctly installed mGuard hardware firewall cannot be exploited if used as intended [1][2].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

3
