The first is to employ Rexroth Products and their Licensing functions within a closed and/or secure network environment (as described below).
If an update is not possible in a timely manner, two mitigation approaches can be followed. It is strongly recommended that customers update the WIBU Systems CodeMeter Runtime Software hosted in their machines to version

Rexroth Laser Localization Software < 1.2
Rexroth ActiveAssist Tool localization extension module < 1.1

These vulnerabilities do not affect the CodeMeter Embedded Software.
The successful exploitation of these vulnerabilities can lead to DoS (CVE-2020-14513, CVE-2020-14509), remote code execution (CVE-2020-14509), bypassed encryption (CVE-2020-14517), heap leak on the licensing server-side (CVE-2020-16233) and manipulation or forgery of license files (CVE-2020-14519, CVE-2020-14515).

Bosch Rexroth recommends updating vulnerable components using the CodeMeter Runtime to version

One vulnerability (CVE-2020-14509) is notably critical, as it can easily be exploited by crafting packets sent over any network.
A set of 6 vulnerabilities affects multiple versions of the WIBU Systems CodeMeter Runtime Software. This software is used by multiple Rexroth Products and Bosch Rexroth customers for license management. In order to successfully exploit these vulnerabilities, an attacker requires access to the network or system.