COPA-DATA has been informed by Wibu-Systems about a security vulnerability in the Wibu-Systems CodeMeter Control Center for Windows software with the following CVSS 3.1 base score:

1. CVE-2025-47809 – base score 7.7 - vector CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
   

Summary

The installation of the zenon Software Platform requires the installation of the third-party application WIBU System CodeMeter to manage the license for the use of zenon Software Platform components. After installation, the automatically launched instance of the CodeMeter Control Center is running with System Privileges. These privileges can be abused by unauthorized or malicious users.

This vulnerability affects systems with a zenon Software Platform installation.
Affected versions:

1. zenon Software Platform 14
   
2. zenon Software Platform 12
   
3. zenon Software Platform 11
   
4. zenon Software Platform 10
   
5. zenon Software Platform 8.20
   

Remediation

Wibu-Systems addressed this issue and published an updated version 8.30a of the CodeMeter Control Center on their website:

1. https://www.wibu.com/support/user/user-software.html
   

This vulnerability doesn’t affect systems which meet one of the following requirements:

1. The running system was restarted after the initial installation.
   
2. The User initially installing the zenon Software Platform was signed out of the Windows OS.
   
3. The Wibu-Systems CodeMeter Control Center was manually restarted or closed.
   

 COPA-DATA recommends updating Wibu-Systems CodeMeter Control Center to the fixed version 8.30a after a Risk Analysis was performed by the Asset Owner or System Integrator or assess if other mitigating options may be needed for affected systems.

 More information can be found in the attached CSAF file.