Security Vulnerabilities in CodeMeter Runtime (10/2023)
Description
dSPACE were informed by WIBU Systems, the supplier of the CodeMeter license technology used by dSPACE, about problems in the CodeMeter Runtime that were classified as a potential security risk.
These vulnerabilities potentially affect
- all systems with CodeMeter installation.
According to WIBU Systems, a malicious proxy can exploit a bug in the implemented handshake to cause a buffer overflow. If no SOCKS5 proxy has been configured, there is no attack surface.
Detailed information is available in the Product Security Advisory WIBU-231017-01 (2023-10-27) provided by WIBU Systems under the following link. This information can also be used to determine the individual risk.
CodeMeter Update
The vulnerabilities were closed by WIBU Systems with CodeMeter version 7.60d. This new version has been tested and released by dSPACE.
Based on the result of your individual risk determination dSPACE recommends the update to the current CodeMeter version published at here for all CodeMeter installations.
CodeMeter Version Check
You find your current CodeMeter Runtime version under Windows 10 System Settings - Apps & features.
| Date | 2023-11-07 |
| Product | dSPACE Installation Manager |
| Information Type | Patches |
| Information Category | Installation and Licensing, Product Security |
| dSPACE Release | 2023-A, 2022-B, 2022-A, 2021-B, 2021-A, 2020-B, 2020-A, 2019-B, 2019-A, 2018-B, 2018-A, 2017-B |
Drive innovation forward. Always on the pulse of technology development.
Subscribe to our expert knowledge. Learn from our successful project examples. Keep up to date on simulation and validation. Subscribe to/manage dSPACE direct and aerospace & defense now.