{"api_version":"1","generated_at":"2026-04-22T23:08:51+00:00","cve":"CVE-2020-14509","urls":{"html":"https://cve.report/CVE-2020-14509","api":"https://cve.report/api/cve/CVE-2020-14509.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14509","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14509"},"summary":{"title":"CVE-2020-14509","description":"Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2020-09-16 20:15:00","updated_at":"2021-11-04 18:22:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Wibu-Systems CodeMeter (Update A) | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14509","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14509","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14509","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wibu","cpe5":"codemeter","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14509","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wibu","cpe5":"codemeter","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-14509","qid":"590727","title":"WIBU CodeMeter PASVisu Multiple Vulnerabilities"},{"cve":"CVE-2020-14509","qid":"590734","title":"WIBU Codemeter Runtime PAS4000 Multiple Vulnerabilities (adv_1005485-de-02)"},{"cve":"CVE-2020-14509","qid":"590802","title":"Siemens Remote Connect Client Multiple Vulnerabilities (SSA-455843)"},{"cve":"CVE-2020-14509","qid":"590878","title":"Schneider Electric Wibu-Systems CodeMeter Multiple Vulnerabilities (SEVD-2020-287-02)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-14509","ASSIGNER":"ics-cert@hq.dhs.gov","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"CodeMeter","version":{"version_data":[{"version_value":"All versions prior to 7.10"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"BUFFER ACCESS WITH INCORRECT LENGTH VALUE CWE-805"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"}]},"description":{"description_data":[{"lang":"eng","value":"Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities."}]}},"nvd":{"publishedDate":"2020-09-16 20:15:00","lastModifiedDate":"2021-11-04 18:22:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*","versionEndExcluding":"7.10","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14509","Ordinal":"175886","Title":"CVE-2020-14509","CVE":"CVE-2020-14509","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14509","Ordinal":"1","NoteData":"Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"14509","Ordinal":"2","NoteData":"2020-09-16","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"14509","Ordinal":"3","NoteData":"2020-09-16","Type":"Other","Title":"Modified"}]}}}