

Wibu-Systems recommends the following mitigations:

Tenable, Inc., reported these vulnerabilities to CISA.

ATTENTION: Exploitable remotely/low attack complexity.

The following versions of CodeMeter Runtime, a license manager, are affected:

CodeMeter Runtime: All versions prior to v7.21a.

Successful exploitation of these vulnerabilities could allow an attacker to read data from the heap of the CodeMeter Runtime network server, or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).

Additionally, typical disk I/O is about 1.78 KB per minute for reads and 4.06 KB per minute for writes.

C:\Program Files\codemeter\runtime\bin\codemeter.

During the process's lifecycle, the typical CPU resource utilization is about 0.0021%, including both foreground and background operations; the average private memory consumption is about 3.8 MB, with the maximum memory reaching around 8.99 MB. The executable is Authenticode code-signed, issued to WIBU-SYSTEMS AG by the certification authority VeriSign. In addition, it runs under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). It is started as a Windows Service called 'CodeMeter.exe' with the name 'CodeMeter.exe' and described as “CodeMeter Runtime Server”.

Codemeter.exe has 4 known versions; the most recent one is Version 5.10a of 2013-Nov-15 (Build 1224).
