Security Vulnerabilities in CodeMeter Runtime (8/2023)
Description
dSPACE were informed by WIBU Systems, the supplier of the CodeMeter license technology used by dSPACE, about problems in the CodeMeter Runtime that were classified as a potential security risk.
These vulnerabilities potentially affect
- all systems with CodeMeter installation that are used as license servers.
- all systems with CodeMeter Installation where an adversary has access to, to send a malicious request to CodeMeter.
According to WIBU Systems, additional protection mechanisms of CodeMeter need to be broken to exploit the vulnerability. WIBU Systems is not aware of any proof-of-concept for exploiting this vulnerability.
Detailed information is available in the Product Security Advisory WIBU-230704-01 (2023-08-16) provided by WIBU Systems under the following link. This information can also be used to determine the individual risk.
CodeMeter Update
The vulnerabilities were closed by WIBU Systems with CodeMeter version 7.60c. This new version has been tested and released by dSPACE.
dSPACE recommends the update to the current CodeMeter version published at here for all CodeMeter Floating Network License Servers.
CodeMeter Version Check
You find your current CodeMeter Runtime version under Windows 10 System Settings - Apps & features.
| Date | 2023-09-04 |
| Product | dSPACE Installation Manager |
| Information Type | Patches |
| Information Category | Installation and Licensing, Product Security |
| dSPACE Release | 2023-A, 2022-B, 2022-A, 2021-B, 2021-A, 2020-B, 2020-A, 2019-B, 2019-A, 2018-B, 2018-A, 2017-B |
Drive innovation forward. Always on the pulse of technology development.
Subscribe to our expert knowledge. Learn from our successful project examples. Keep up to date on simulation and validation. Subscribe to/manage dSPACE direct and aerospace & defense now.