WIBU-Systems - WibuKey Runtime for Windows version - security vulnerabilities addressed WIBU-100031 and WIBU-100057

WIBU-Systems - WibuKey Runtime for Windows version - security vulnerabilities addressed WIBU-100031 and WIBU-100057

Info
This article contains links to external information not maintained by Ing. Punzenberger COPA-DATA Gmbh.
COPA-DATA has been informed by WIBU-Systems of two security vulnerabilities, that have been addressed in the WibuKey Runtime for Windows, with the following references and CVSS 3.1 base score:
  1. WIBU-100031 - base score 8.8 - vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  2. WIBU-100057 - base score 8.8 - vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Both vulnerabilities are reported as exploitable only on the local machine and not over the network.
Both vulnerabilities are only exploitable on Windows system.
zenon versions 7.60 and below, which are no longer maintained, may use a version of the WibuKey Runtime, that is affected by these vulnerabilities. 

WIBU-Systems provides an updated version 6.71 of the WibuKey Runtime on their website https://www.wibu.com/support/user/user-software.html
WIBU-Systems provides a TLP:CLEAR security advisory on their website https://www.wibu.com/support/security-advisories.html

COPA-DATA recommends updating installations with affected versions, to a current zenon version that is still maintained, and performing the switch from WibuKey licensing to CodeMeter licensing in the course of this update.

For systems where updating the no longer maintained zenon version is not possible, COPA-DATA recommends system integrators and asset owners to perform a risk assessment, in order to identify, if updating the affected WibuKey Runtime software to version 6.71 or higher, is needed or possible or if other mitigating options may be needed for the affected systems.