Details of VAR-202009-0319

ID

VAR-202009-0319

CVE

CVE-2020-14513

TITLE

CodeMeter Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-011220

DESCRIPTION

CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. CodeMeter Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. Many Siemens products have security vulnerabilities. Attackers can use vulnerabilities to crash software

Trust: 2.16

sources: NVD: CVE-2020-14513 // JVNDB: JVNDB-2020-011220 // CNVD: CNVD-2020-51244

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-51244

AFFECTED PRODUCTS

vendor:	wibu	model:	codemeter	scope:	lt	version:	6.81	Trust: 1.0
vendor:	wibu	model:	codemeter	scope:	-	version:	-	Trust: 0.8
vendor:	wibu	model:	codemeter	scope:	eq	version:	-	Trust: 0.8
vendor:	wibu	model:	codemeter	scope:	eq	version:	6.81	Trust: 0.8
vendor:	siemens	model:	sppa-s2000	scope:	eq	version:	3.04	Trust: 0.6
vendor:	siemens	model:	sppa-s2000	scope:	eq	version:	3.06	Trust: 0.6
vendor:	siemens	model:	sppa-t3000 r8.2 sp2	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sppa-s3000	scope:	eq	version:	3.05	Trust: 0.6
vendor:	siemens	model:	process historian	scope:	lte	version:	<=2019	Trust: 0.6
vendor:	siemens	model:	simatic pcs neo	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simit simulation platform	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sinema remote connect	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-51244 // JVNDB: JVNDB-2020-011220 // NVD: CVE-2020-14513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14513
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-14513
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-51244
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202009-483
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-14513
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-51244
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-14513
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-14513
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-51244 // JVNDB: JVNDB-2020-011220 // CNNVD: CNNVD-202009-483 // NVD: CVE-2020-14513

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011220 // NVD: CVE-2020-14513

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-483

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202009-483

PATCH

title:	CodeMeter	url:	https://www.wibu.com/products/codemeter.html	Trust: 0.8
title:	Patch for Improper input verification vulnerabilities in multiple Siemens products	url:	https://www.cnvd.org.cn/patchInfo/show/233338	Trust: 0.6
title:	ARC Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127904	Trust: 0.6

sources: CNVD: CNVD-2020-51244 // JVNDB: JVNDB-2020-011220 // CNNVD: CNNVD-202009-483

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14513	Trust: 3.8
db:	ICS CERT	id:	ICSA-20-203-01	Trust: 2.4
db:	JVN	id:	JVNVU90770748	Trust: 0.8
db:	JVN	id:	JVNVU94568336	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-011220	Trust: 0.8
db:	SIEMENS	id:	SSA-455843	Trust: 0.6
db:	CNVD	id:	CNVD-2020-51244	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3076.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3076.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3076	Trust: 0.6
db:	CS-HELP	id:	SB2022021806	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-483	Trust: 0.6

sources: CNVD: CNVD-2020-51244 // JVNDB: JVNDB-2020-011220 // CNNVD: CNNVD-202009-483 // NVD: CVE-2020-14513

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14513	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu94568336/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90770748/	Trust: 0.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf	Trust: 0.6
url:	https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021806	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3076.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3076.3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3076/	Trust: 0.6

sources: CNVD: CNVD-2020-51244 // JVNDB: JVNDB-2020-011220 // CNNVD: CNNVD-202009-483 // NVD: CVE-2020-14513

SOURCES

db:	CNVD	id:	CNVD-2020-51244
db:	JVNDB	id:	JVNDB-2020-011220
db:	CNNVD	id:	CNNVD-202009-483
db:	NVD	id:	CVE-2020-14513

LAST UPDATE DATE

2024-08-14T12:07:58.731000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-51244	date:	2020-09-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-011220	date:	2022-03-15T05:04:00
db:	CNNVD	id:	CNNVD-202009-483	date:	2022-02-21T00:00:00
db:	NVD	id:	CVE-2020-14513	date:	2020-09-22T17:47:12.067

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-51244	date:	2020-09-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-011220	date:	2021-03-24T00:00:00
db:	CNNVD	id:	CNNVD-202009-483	date:	2020-09-08T00:00:00
db:	NVD	id:	CVE-2020-14513	date:	2020-09-16T20:15:13.473