CVE-2021-41057

Summary

CVE	CVE-2021-41057
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-11-14 21:15:00 UTC
Updated	2021-11-17 18:49:00 UTC
Description	In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.

Risk And Classification

Problem Types: CWE-59

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Microsoft	Windows	-	All	All	All
Application	Siemens	Pss Cape	14	All	All	All
Application	Siemens	Pss E	All	All	All	All
Application	Siemens	Pss Odms	All	All	All	All
Application	Siemens	Sicam 230	All	All	All	All
Application	Siemens	Simatic Information Server	All	All	All	All
Application	Siemens	Simatic Information Server	2019	-	All	All
Application	Siemens	Simatic Information Server	2019	sp1	All	All
Application	Siemens	Simatic Pcs Neo	All	All	All	All
Application	Siemens	Simatic Process Historian	All	All	All	All
Application	Siemens	Simatic Wincc Oa	All	All	All	All
Application	Siemens	Simit	All	All	All	All
Application	Wibu	Codemeter Runtime	All	All	All	All

References

Reference	Source	Link	Tags
Security Advisories: Wibu-Systems	MISC	www.wibu.com
cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-21...	CONFIRM	cdn.wibu.com
cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf	CONFIRM	cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590658 Wibu-Systems CodeMeter Runtime Vulnerability (ICSA-21-350-03)
591086 WIBU Systems CodeMeter Runtime Denial of Service (DoS) Vulnerability (WIBU-210910-01)
591233 "B and R" Automation Studio Denial of Service (DoS) Vulnerability (ADVISORY_04-2022)