CVE-2023-3935

Name: CVE-2023-3935
Creator: NVD / NIST
Published: 2023-09-13T14:15:09.147+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.50%

Last modified Jun 17, 2026

CVE-2023-3935 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.. EPSS estimates a 1.50% chance of exploitation in the next 30 days.

Description

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.50%

71.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Wibu	Codemeter Runtime	< 7.60c	—
Trumpf	Oseon	>= 1.0.0, <= 3.0.22	—
Trumpf	Programmingtube	>= 1.0.1, <= 4.6.3	—
Trumpf	Teczonebend	>= 18.02.r8, <= 23.06.01	—
Trumpf	Tops Unfold	05.03.00.00	—
Trumpf	Topscalculation	>= 14.00, <= 22.00.00	—
Trumpf	Trumpflicenseexpert	>= 1.5.2, <= 1.11.1	—
Trumpf	Trutops	>= 08.00, <= 12.01.00.00	—
Trumpf	Trutops Cell Classic	<= 09.09.02	—
Trumpf	Trutops Cell Sw48	>= 01.00, <= 02.26.0	—
Trumpf	Trutops Mark 3d	>= 01.00, <= 06.01	—
Trumpf	Trutopsboost	>= 06.00.23.00, <= 16.0.22	—
Trumpf	Trutopsfab	>= 15.00.23.00, <= 22.8.25	—
Trumpf	Trutopsfab Storage Smallstore	>= 14.06.20, <= 20.04.20.00	—
Trumpf	Trutopsprint	>= 00.06.00, <= 01.00	—
Trumpf	Trutopsprintmultilaserassistant	>= 01.02	—
Trumpf	Trutopsweld	>= 7.0.198.241, <= 9.0.28148.1	—
Trumpf	Tubedesign	>= 08.00, <= 14.06.150	—
Phoenixcontact	Activation Wizard	<= 1.6	—
Phoenixcontact	E-Mobility Charging Suite	<= 1.7.0	—
Phoenixcontact	Fl Network Manager	<= 7.0	—
Phoenixcontact	Iol-Conf	<= 1.7.0	—
Phoenixcontact	Module Type Package Designer	< 1.2.0	—
Phoenixcontact	Module Type Package Designer	1.2.0	Beta
Phoenixcontact	Plcnext Engineer	<= 2023.6	—

References

https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdfVendor Advisory
https://cert.vde.com/en/advisories/VDE-2023-030/Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-031/Third Party Advisory
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdfVendor Advisory
https://cert.vde.com/en/advisories/VDE-2023-030/Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-031/Third Party Advisory

Timeline

Published: Sep 13, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-3935?

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

How severe is CVE-2023-3935?

CVE-2023-3935 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.50% probability of exploitation in the next 30 days.

How do I fix CVE-2023-3935?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-3935?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST