Details of VAR-202009-0303

ID

VAR-202009-0303

CVE

CVE-2020-14515

TITLE

CodeMeter Digital Signature Verification Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-011221

DESCRIPTION

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. CodeMeter Exists in a digital signature validation vulnerability.Information may be tampered with. Siemens SINEMA Remote Connect is a set of remote network management platform of German Siemens (Siemens) company. The SIMIT Simluation Platform allows simulation of factory settings to predict failures in the early planning stage. SINEC INS is a web-based application that combines various network services in one tool. Many Siemens products have security vulnerabilities

Trust: 2.16

sources: NVD: CVE-2020-14515 // JVNDB: JVNDB-2020-011221 // CNVD: CNVD-2020-51243

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-51243

AFFECTED PRODUCTS

vendor:	wibu	model:	codemeter	scope:	lt	version:	6.90	Trust: 1.0
vendor:	wibu	model:	codemeter	scope:	-	version:	-	Trust: 0.8
vendor:	wibu	model:	codemeter	scope:	eq	version:	-	Trust: 0.8
vendor:	wibu	model:	codemeter	scope:	eq	version:	6.90	Trust: 0.8
vendor:	siemens	model:	process historian	scope:	lte	version:	<=2019	Trust: 0.6
vendor:	siemens	model:	simatic pcs neo	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simit simulation platform	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sinema remote connect	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-51243 // JVNDB: JVNDB-2020-011221 // NVD: CVE-2020-14515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14515
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-14515
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-51243
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202009-488
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-14515
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-51243
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:L/AC:H/AU:N/C:N/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-14515
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-14515
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-51243 // JVNDB: JVNDB-2020-011221 // CNNVD: CNNVD-202009-488 // NVD: CVE-2020-14515

PROBLEMTYPE DATA

problemtype:	CWE-347	Trust: 1.0
problemtype:	Improper verification of digital signatures (CWE-347) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011221 // NVD: CVE-2020-14515

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-488

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202009-488

PATCH

title:	CodeMeter	url:	https://www.wibu.com/products/codemeter.html	Trust: 0.8
title:	Patch for Improper password signature verification vulnerabilities in many Siemens products	url:	https://www.cnvd.org.cn/patchInfo/show/233341	Trust: 0.6
title:	Wibu-Systems AG CodeMeter Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127909	Trust: 0.6

sources: CNVD: CNVD-2020-51243 // JVNDB: JVNDB-2020-011221 // CNNVD: CNNVD-202009-488

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14515	Trust: 3.8
db:	ICS CERT	id:	ICSA-20-203-01	Trust: 2.4
db:	JVN	id:	JVNVU90770748	Trust: 0.8
db:	JVN	id:	JVNVU94568336	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-011221	Trust: 0.8
db:	SIEMENS	id:	SSA-455843	Trust: 0.6
db:	CNVD	id:	CNVD-2020-51243	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3076.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3076.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3076	Trust: 0.6
db:	CS-HELP	id:	SB2022021806	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-488	Trust: 0.6

sources: CNVD: CNVD-2020-51243 // JVNDB: JVNDB-2020-011221 // CNNVD: CNNVD-202009-488 // NVD: CVE-2020-14515

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14515	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu94568336/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90770748/	Trust: 0.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf	Trust: 0.6
url:	https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021806	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3076.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3076.3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3076/	Trust: 0.6

sources: CNVD: CNVD-2020-51243 // JVNDB: JVNDB-2020-011221 // CNNVD: CNNVD-202009-488 // NVD: CVE-2020-14515

SOURCES

db:	CNVD	id:	CNVD-2020-51243
db:	JVNDB	id:	JVNDB-2020-011221
db:	CNNVD	id:	CNNVD-202009-488
db:	NVD	id:	CVE-2020-14515

LAST UPDATE DATE

2024-08-14T12:13:46.480000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-51243	date:	2020-09-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-011221	date:	2022-03-15T05:07:00
db:	CNNVD	id:	CNNVD-202009-488	date:	2022-02-21T00:00:00
db:	NVD	id:	CVE-2020-14515	date:	2020-09-22T17:56:46.080

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-51243	date:	2020-09-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-011221	date:	2021-03-24T00:00:00
db:	CNNVD	id:	CNNVD-202009-488	date:	2020-09-08T00:00:00
db:	NVD	id:	CVE-2020-14515	date:	2020-09-16T20:15:13.567