ID

VAR-202009-0303


CVE

CVE-2020-14515


TITLE

CodeMeter  Digital Signature Verification Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-011221

DESCRIPTION

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. CodeMeter Exists in a digital signature validation vulnerability.Information may be tampered with. Siemens SINEMA Remote Connect is a set of remote network management platform of German Siemens (Siemens) company. The SIMIT Simluation Platform allows simulation of factory settings to predict failures in the early planning stage. SINEC INS is a web-based application that combines various network services in one tool. Many Siemens products have security vulnerabilities

Trust: 2.16

sources: NVD: CVE-2020-14515 // JVNDB: JVNDB-2020-011221 // CNVD: CNVD-2020-51243

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-51243

AFFECTED PRODUCTS

vendor:wibumodel:codemeterscope:ltversion:6.90

Trust: 1.0

vendor:wibumodel:codemeterscope: - version: -

Trust: 0.8

vendor:wibumodel:codemeterscope:eqversion: -

Trust: 0.8

vendor:wibumodel:codemeterscope:eqversion:6.90

Trust: 0.8

vendor:siemensmodel:process historianscope:lteversion:<=2019

Trust: 0.6

vendor:siemensmodel:simatic pcs neoscope: - version: -

Trust: 0.6

vendor:siemensmodel:simit simulation platformscope: - version: -

Trust: 0.6

vendor:siemensmodel:sinema remote connectscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-51243 // JVNDB: JVNDB-2020-011221 // NVD: CVE-2020-14515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14515
value: HIGH

Trust: 1.0

NVD: CVE-2020-14515
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-51243
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202009-488
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-14515
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-51243
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:H/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-14515
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-14515
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-51243 // JVNDB: JVNDB-2020-011221 // CNNVD: CNNVD-202009-488 // NVD: CVE-2020-14515

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.0

problemtype:Improper verification of digital signatures (CWE-347) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011221 // NVD: CVE-2020-14515

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-488

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202009-488

PATCH

title:CodeMeterurl:https://www.wibu.com/products/codemeter.html

Trust: 0.8

title:Patch for Improper password signature verification vulnerabilities in many Siemens productsurl:https://www.cnvd.org.cn/patchInfo/show/233341

Trust: 0.6

title:Wibu-Systems AG CodeMeter Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127909

Trust: 0.6

sources: CNVD: CNVD-2020-51243 // JVNDB: JVNDB-2020-011221 // CNNVD: CNNVD-202009-488

EXTERNAL IDS

db:NVDid:CVE-2020-14515

Trust: 3.8

db:ICS CERTid:ICSA-20-203-01

Trust: 2.4

db:JVNid:JVNVU90770748

Trust: 0.8

db:JVNid:JVNVU94568336

Trust: 0.8

db:JVNDBid:JVNDB-2020-011221

Trust: 0.8

db:SIEMENSid:SSA-455843

Trust: 0.6

db:CNVDid:CNVD-2020-51243

Trust: 0.6

db:AUSCERTid:ESB-2020.3076.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3076.3

Trust: 0.6

db:AUSCERTid:ESB-2020.3076

Trust: 0.6

db:CS-HELPid:SB2022021806

Trust: 0.6

db:CNNVDid:CNNVD-202009-488

Trust: 0.6

sources: CNVD: CNVD-2020-51243 // JVNDB: JVNDB-2020-011221 // CNNVD: CNNVD-202009-488 // NVD: CVE-2020-14515

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-14515

Trust: 1.4

url:https://jvn.jp/vu/jvnvu94568336/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu90770748/

Trust: 0.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf

Trust: 0.6

url:https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021806

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3076.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3076.3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3076/

Trust: 0.6

sources: CNVD: CNVD-2020-51243 // JVNDB: JVNDB-2020-011221 // CNNVD: CNNVD-202009-488 // NVD: CVE-2020-14515

SOURCES

db:CNVDid:CNVD-2020-51243
db:JVNDBid:JVNDB-2020-011221
db:CNNVDid:CNNVD-202009-488
db:NVDid:CVE-2020-14515

LAST UPDATE DATE

2024-08-14T12:13:46.480000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-51243date:2020-09-10T00:00:00
db:JVNDBid:JVNDB-2020-011221date:2022-03-15T05:07:00
db:CNNVDid:CNNVD-202009-488date:2022-02-21T00:00:00
db:NVDid:CVE-2020-14515date:2020-09-22T17:56:46.080

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-51243date:2020-09-10T00:00:00
db:JVNDBid:JVNDB-2020-011221date:2021-03-24T00:00:00
db:CNNVDid:CNNVD-202009-488date:2020-09-08T00:00:00
db:NVDid:CVE-2020-14515date:2020-09-16T20:15:13.567