Full Report
Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server or create a denial of service condition. While all Desigo CC version lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935. Siemens has released a patch that updates the CodeMeter Runtime component and recommends applying the patch on affected systems.
Analysis Summary
# Vulnerability: Multiple Critical Vulnerabilities in WIBU Systems CodeMeter Runtime Affecting Desigo CC and SENTRON powermanager
## CVE Details
The advisory covers multiple underlying vulnerabilities in the CodeMeter Runtime component. The CVEs named for the affected products are:
- **CVE ID:** CVE-2021-20093 (score not explicitly provided; covered by CodeMeter Advisory WIBU-210423-01)
- **CVE ID:** CVE-2021-20094 (score not explicitly provided; covered by CodeMeter Advisory WIBU-210423-02)
- **CVE ID:** CVE-2023-3935 (CVSS Score: **9.1 (Critical)**, taken from the overall advisory score of 9.1; detailed below as a heap-based buffer overflow)
- **CWE:** CWE-122: Heap-based Buffer Overflow (Specific to CVE-2023-3935 exploitation details)
## Affected Systems
- **Products:**
  - Desigo CC Product Family: Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS.
  - SENTRON powermanager (Desigo CC-based).
- **Versions:**
  - Desigo CC Family V5.0, V5.1, and V6: Affected by **all listed CVEs** (CVE-2021-20093, CVE-2021-20094, CVE-2023-3935).
  - Desigo CC Family V7: Affected only by **CVE-2023-3935**.
  - SENTRON powermanager: All versions from V4.0 onward are affected by **all listed CVEs**.
- **Configurations:** Remote exploitation is possible if the underlying CodeMeter component is configured as a server.
## Vulnerability Description
The vulnerabilities reside in the **WIBU Systems CodeMeter Runtime** component used by the affected Siemens products. Successful exploitation can lead to:
1. **Remote Code Execution (RCE)** on the Desigo CC server.
2. **Denial of Service (DoS)** condition.
Specifically, CVE-2023-3935 is described as a **Heap-based Buffer Overflow** (CWE-122). Exploiting this flaw may require breaking additional protection mechanisms. If the CodeMeter component is not configured as a server, an attacker would need local access, or would have to trick a user into transmitting a malicious request, which could lead to **Privilege Escalation**.
## Exploitation
- **Status:** The advisory notes that **no Proof of Concept (PoC) is currently known** to Siemens/WIBU.
- **Complexity:** Low for the RCE/DoS vulnerabilities, assuming the necessary configuration is present. Attack complexity for CVE-2023-3935 is noted as **High (AC:H)** because additional protection mechanisms must be broken to achieve code execution.
- **Attack Vector:** **Network (AV:N)** is the primary vector if CodeMeter is configured as a server.
## Impact
(Based on the RCE potential of the high-scoring vulnerabilities):
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High (Due to DoS potential)
## Remediation
### Patches
- Siemens has released a patch updating the underlying **CodeMeter Runtime component**.
- **Action:** Install the patch, which is available at: `https://support.industry.siemens.com/cs/ww/en/view/109825787/` and can be applied to all released versions of the affected products.
### Workarounds
- **Mitigation:** Siemens strongly recommends protecting network access to affected products with appropriate mechanisms and following general security best practices to run the devices in a protected IT environment. (No specific configuration workarounds are listed; the advisory emphasizes patching.)
## Detection
- **Indicators of Compromise:** Not explicitly detailed in the advisory, but they would typically involve unusual network traffic directed at the CodeMeter service ports or unexpected process execution or crashes on the Desigo CC server.
- **Detection methods and tools:** Monitor network access to the CodeMeter service (and restrict it to known license clients) if remote access cannot be immediately limited.
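The workaround and detection items above both come down to the same control: the CodeMeter network service should only be reachable from the hosts that legitimately need licenses, and anything else that talks to it deserves a look. The script below is an added illustration, not code from the Siemens or WIBU advisories. It assumes CodeMeter's default network server port (22350 TCP/UDP, which is configurable, so confirm the value on your installation), uses a constructed connection-log format, and flags every connection to that port whose source is outside an allowlist of license-client networks.

```python
"""Flag connections to the CodeMeter network service that do not originate
from an approved license client.  Added example; the log format, addresses
and allowlist below are constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass

# Assumption: CodeMeter's default network server port.  The port is
# configurable, so verify it against your own CodeMeter installation.
CODEMETER_PORT = 22350

# Constructed log line format:
#   "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


@dataclass(frozen=True)
class Conn:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_line(line):
    """Return a Conn for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Conn(m["ts"], m["src"], m["dst"], int(m["dport"]), m["proto"])


def flag_unexpected(lines, allowed_clients, port=CODEMETER_PORT):
    """Return connections to `port` whose source address is not inside any of
    the networks in `allowed_clients`.  Malformed lines and traffic to other
    ports are ignored."""
    allowed = [ipaddress.ip_network(n) for n in allowed_clients]
    alerts = []
    for line in lines:
        conn = parse_line(line)
        if conn is None or conn.dport != port:
            continue
        src = ipaddress.ip_address(conn.src)
        if not any(src in net for net in allowed):
            alerts.append(conn)
    return alerts


# Constructed sample: 10.10.5.0/24 plays the building-management VLAN that
# hosts the Desigo CC clients; 192.168.77.9 is an unexpected source.
SAMPLE_LOG = [
    "2024-01-15T08:01:02Z 10.10.5.21:51234 -> 10.10.5.10:22350 tcp",
    "2024-01-15T08:01:05Z 192.168.77.9:40000 -> 10.10.5.10:22350 tcp",
    "2024-01-15T08:01:07Z 10.10.5.40:51301 -> 10.10.5.10:22350 udp",
    "2024-01-15T08:01:09Z 192.168.77.9:40001 -> 10.10.5.10:443 tcp",
    "this line is not a connection record",
]
ALLOWED_CLIENTS = ["10.10.5.0/24"]  # constructed allowlist


if __name__ == "__main__":
    for conn in flag_unexpected(SAMPLE_LOG, ALLOWED_CLIENTS):
        print(f"{conn.ts} unexpected {conn.proto} connection to CodeMeter "
              f"port {conn.dport} from {conn.src}")
```

In practice the allowlist is the set of networks from which Desigo CC clients and other licensed applications are expected to contact the server; once the patch is applied, the same rule is still worth keeping as a firewall policy rather than only as a log check, which is the network protection the workaround section recommends.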
## References
- Siemens Security Advisory SSA-625850: `https://cert-portal.siemens.com/productcert/html/ssa-625850.html`
- WIBU Systems Security Advisory WIBU-210423-01: `https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf`
- WIBU Systems Security Advisory WIBU-210423-02: `https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf`
- WIBU Systems Security Advisory WIBU-230704-01: `https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01.pdf`