ID

VAR-202309-0673


CVE

CVE-2023-4701


DESCRIPTION

A Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allow a local, low privileged attacker to use an API call for escalation of privileges in order gain full admin access on the host system

Trust: 0.99

sources: NVD: CVE-2023-4701 // VULMON: CVE-2023-4701

AFFECTED PRODUCTS

vendor:trumpfmodel:trutopsboostscope:gteversion:06.00.23.00

Trust: 1.0

vendor:trumpfmodel:teczonebendscope:gteversion:18.02.r8

Trust: 1.0

vendor:trumpfmodel:trutops cell sw48scope:lteversion:02.26.0

Trust: 1.0

vendor:trumpfmodel:topscalculationscope:gteversion:14.00

Trust: 1.0

vendor:trumpfmodel:trutops cell classicscope:lteversion:09.09.02

Trust: 1.0

vendor:trumpfmodel:teczonebendscope:lteversion:23.06.01

Trust: 1.0

vendor:trumpfmodel:trutops cell sw48scope:gteversion:01.00

Trust: 1.0

vendor:trumpfmodel:trumpflicenseexpertscope:gteversion:1.5.2

Trust: 1.0

vendor:trumpfmodel:trutopsfab storage smallstorescope:lteversion:20.04.20.00

Trust: 1.0

vendor:trumpfmodel:programmingtubescope:lteversion:4.6.3

Trust: 1.0

vendor:trumpfmodel:trutopsprintmultilaserassistantscope:gteversion:01.02

Trust: 1.0

vendor:trumpfmodel:trutopsfab storage smallstorescope:gteversion:14.06.20

Trust: 1.0

vendor:trumpfmodel:trutopsweldscope:gteversion:7.0.198.241

Trust: 1.0

vendor:trumpfmodel:trutopsprintscope:gteversion:00.06.00

Trust: 1.0

vendor:trumpfmodel:oseonscope:lteversion:3.0.22

Trust: 1.0

vendor:trumpfmodel:programmingtubescope:gteversion:1.0.1

Trust: 1.0

vendor:trumpfmodel:tubedesignscope:lteversion:14.06.150

Trust: 1.0

vendor:trumpfmodel:oseonscope:gteversion:1.0.0

Trust: 1.0

vendor:trumpfmodel:topscalculationscope:lteversion:22.00.00

Trust: 1.0

vendor:trumpfmodel:trutopsscope:gteversion:08.00

Trust: 1.0

vendor:trumpfmodel:trutopsprintscope:lteversion:01.00

Trust: 1.0

vendor:trumpfmodel:trutops mark 3dscope:gteversion:01.00

Trust: 1.0

vendor:trumpfmodel:trutopsboostscope:lteversion:16.0.22

Trust: 1.0

vendor:trumpfmodel:trutopsscope:lteversion:12.01.00.00

Trust: 1.0

vendor:trumpfmodel:trumpflicenseexpertscope:lteversion:1.11.1

Trust: 1.0

vendor:wibumodel:codemeter runtimescope:ltversion:7.60c

Trust: 1.0

vendor:trumpfmodel:trutopsfabscope:lteversion:22.8.25

Trust: 1.0

vendor:trumpfmodel:tubedesignscope:gteversion:08.00

Trust: 1.0

vendor:trumpfmodel:trutops mark 3dscope:lteversion:06.01

Trust: 1.0

vendor:trumpfmodel:tops unfoldscope:eqversion:05.03.00.00

Trust: 1.0

vendor:trumpfmodel:trutopsfabscope:gteversion:15.00.23.00

Trust: 1.0

vendor:trumpfmodel:trutopsweldscope:lteversion:9.0.28148.1

Trust: 1.0

sources: NVD: CVE-2023-4701

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-4701
value: HIGH

Trust: 1.0

NVD: CVE-2023-4701
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-4701

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

sources: NVD: CVE-2023-4701

CONFIGURATIONS

sources: NVD: CVE-2023-4701

EXTERNAL IDS

db:CERT@VDEid:VDE-2023-031

Trust: 1.1

db:NVDid:CVE-2023-4701

Trust: 1.1

db:CERT@VDEid:VDE-2023-030

Trust: 1.0

db:VULMONid:CVE-2023-4701

Trust: 0.1

sources: VULMON: CVE-2023-4701 // NVD: CVE-2023-4701

REFERENCES

url:https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisorywibu-230704-01-v3.0.pdf

Trust: 1.1

url:https://cert.vde.com/en/advisories/vde-2023-031/

Trust: 1.1

url:https://cert.vde.com/en/advisories/vde-2023-030/

Trust: 1.0

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-4701 // NVD: CVE-2023-4701

SOURCES

db:VULMONid:CVE-2023-4701
db:NVDid:CVE-2023-4701

LAST UPDATE DATE

2023-09-21T22:24:54.724000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-4701date:2023-09-13T00:00:00
db:NVDid:CVE-2023-4701date:2023-09-19T08:15:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-4701date:2023-09-13T00:00:00
db:NVDid:CVE-2023-4701date:2023-09-13T14:15:00