<p>Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server, or create a denial of service condition. While all Desigo CC version lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935.</p>
<p>Siemens has released a patch to update the CodeMeter Runtime component and recommends to apply the patch on affected systems.</p>
Source link
