KLA11658
Multiple vulnerabilities in FactoryTalk Activation Manager
Updated: 03/13/2020
Detect date
?
01/04/2020
Severity
?
Critical
Description

Multiple vulnerabilities were found in FactoryTalk Activation Manager. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Vulnerability in certain versions of Wibu-Systems CodeMeter can be exploited remotely via specially designed WEB payload to perform cross-site scripting attacks;
  2. Out-of-bounds writing vulnerability in custom string copying function of Imgrd.exe can be exploited remotely to execute arbitrary code;
Affected products

FactoryTalk Activation Manager v4.00.02 and v4.01

  • Includes Wibu-Systems CodeMeter v6.50b and earlier

FactoryTalk Activation Manager v4.00.02 and earlier

  • Includes FlexNet Publisher v11.11.1.1 and earlier
Solution

Update to the latest version

Original advisories

FactoryTalk Activation Manager Vulnerabilities (need authorization)

Impacts
?
ACE 
[?]

XSS/CSS 
[?]
Related products
FactoryTalk Activation Manager
CVE-IDS
?
CVE-2017-137540.0Unknown
CVE-2015-82770.0Unknown