{"api_version":"1","generated_at":"2026-04-22T23:08:44+00:00","cve":"CVE-2020-14517","urls":{"html":"https://cve.report/CVE-2020-14517","api":"https://cve.report/api/cve/CVE-2020-14517.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14517","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14517"},"summary":{"title":"CVE-2020-14517","description":"Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2020-09-16 20:15:00","updated_at":"2021-11-04 18:15:00"},"problem_types":["CWE-327"],"metrics":[],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Wibu-Systems CodeMeter (Update A) | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14517","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14517","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14517","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wibu","cpe5":"codemeter","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14517","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wibu","cpe5":"codemeter","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-14517","qid":"590734","title":"WIBU Codemeter Runtime PAS4000 Multiple Vulnerabilities (adv_1005485-de-02)"},{"cve":"CVE-2020-14517","qid":"590802","title":"Siemens Remote Connect Client Multiple Vulnerabilities (SSA-455843)"},{"cve":"CVE-2020-14517","qid":"590878","title":"Schneider Electric Wibu-Systems CodeMeter Multiple Vulnerabilities (SEVD-2020-287-02)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-14517","ASSIGNER":"ics-cert@hq.dhs.gov","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"CodeMeter","version":{"version_data":[{"version_value":"All versions prior to 6.90, including Version 6.90 or newer only if CodeMeter Runtime is running as server."}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"INADEQUATE ENCRYPTION STRENGTH CWE-326"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"}]},"description":{"description_data":[{"lang":"eng","value":"Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API."}]}},"nvd":{"publishedDate":"2020-09-16 20:15:00","lastModifiedDate":"2021-11-04 18:15:00","problem_types":["CWE-327"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*","versionEndExcluding":"6.90","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14517","Ordinal":"175894","Title":"CVE-2020-14517","CVE":"CVE-2020-14517","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14517","Ordinal":"1","NoteData":"Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"14517","Ordinal":"2","NoteData":"2020-09-16","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"14517","Ordinal":"3","NoteData":"2020-09-16","Type":"Other","Title":"Modified"}]}}}