Full Report
Several Siemens products (optionally) offer the use of WibuKey Dongles [1] for licensing. According to a recent publication by WIBU Systems (WIBU-94453 at [2]), the Windows device driver for these Dongles contains vulnerabilities as listed below. [1] https://www.wibu.com/products/wibukey.html [2] https://www.wibu.com/support/security-advisories.html WIBU Systems has released a new version for WibuKey for Windows. Siemens recommends to update this device driver on affected Windows client installations, where WibuKey Dongles are used. See also the chapter “Additional Information” for more details.
Analysis Summary
# Vulnerability: Kernel Memory Corruption and Denial of Service in WibuKey Windows Drivers
## CVE Details
- CVE ID: CVE-2024-45181, CVE-2024-45182
- CVSS Score: 8.8 (CVSS v3.1) / 9.3 (CVSS v4.0 for CVE-2024-45181)
- CWE: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
## Affected Systems
- Products: WibuKey Windows Device Driver (WibuKey64.sys), utilized by Siemens products like PSS(R)SINCAL and Siemens License Server (SLS) when WibuKey Dongles are used for licensing.
- Versions: WIBU-SYSTEMS WibuKey before v6.70.
- Configurations: Affects Windows client installations where WibuKey Dongles are used for licensing associated with Siemens product families.
## Vulnerability Description
The WibuKey Windows device driver, specifically `WibuKey64.sys`, contains two distinct vulnerabilities stemming from improper bounds checks when processing crafted packets:
1. **CVE-2024-45181 (Arbitrary Write):** Allows a local, low-privileged attacker to send specially crafted packets that result in an arbitrary address write, leading to kernel memory corruption. (CVSS v3.1: 8.8)
2. **CVE-2024-45182 (Arbitrary Read/DoS):** Allows a local, low-privileged attacker to send specially crafted packets that result in an arbitrary address read, leading to Denial of Service (DoS). (CVSS v3.1: 6.5)
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but PoC details are implied by the availability of advisories from the vendor regarding crafted packets.
- Complexity: Low (L) for both, as they require local access (`AV:L/AC:L`) but minimal privileges (`PR:L`).
- Attack Vector: Local (L)
## Impact
| Vulnerability | Confidentiality | Integrity | Availability |
| :--- | :--- | :--- | :--- |
| **CVE-2024-45181** | High (H) | High (H) | High (H) |
| **CVE-2024-45182** | No Impact (N) | No Impact (N) | High (H) |
## Remediation
### Patches
- Update the **WibuKey Runtime for Windows** driver to **V6.70 or later version**. This version fixes both CVE-2024-45181 and CVE-2024-45182.
- Siemens recommends applying this update on **all** Windows clients where WibuKey Dongles are used.
### Workarounds
- Follow product-specific guidance detailed in the Siemens advisory (not fully detailed in this summary scope).
- Follow Siemens' general security recommendations, including protecting network access to devices and configuring the environment according to Siemens' operational guidelines for Industrial Security.
## Detection
- Detection methods are not explicitly listed, but indicators would involve monitoring system logs for unusual kernel operations or crashes corresponding to driver interactions immediately prior to system instability (DoS).
- Tools should focus on monitoring driver integrity and system crash dumps related to `WibuKey64.sys`.
## References
- Vendor Advisories: WIBU Systems Advisory WIBU-94453
- Siemens Advisory: SSA-368868
- Wibu Download Link (Defanged): hXXps://www.wibu.com/us/support/user/downloads-user-software.html
- Siemens Industrial Security Guidelines (Defanged): hXXps://www.siemens.com/cert/operational-guidelines-industrial-security