Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA11658
Multiple vulnerabilities in FactoryTalk Activation Manager

Updated: 06/18/2020
Detect date
?
 01/04/2020
Severity
?
 Critical
Description

Multiple vulnerabilities were found in FactoryTalk Activation Manager. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Vulnerability in certain versions of Wibu-Systems CodeMeter can be exploited remotely via specially designed WEB payload to perform cross-site scripting attacks;
  2. Out-of-bounds writing vulnerability in custom string copying function of Imgrd.exe can be exploited remotely to execute arbitrary code;
Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/42610
Affected products

FactoryTalk Activation Manager v4.00.02 and v4.01

  • Includes Wibu-Systems CodeMeter v6.50b and earlier

FactoryTalk Activation Manager v4.00.02 and earlier

  • Includes FlexNet Publisher v11.11.1.1 and earlier
Solution

Update to the latest version
Original advisories

FactoryTalk Activation Manager Vulnerabilities (need authorization)
Impacts
?
ACE 
[?]

XSS/CSS 
[?]
Related products
 FactoryTalk Activation Manager
CVE-IDS
?
CVE-2017-137543.5Warning
Find out the statistics of the vulnerabilities spreading in your region
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up