COPA-DATA has been informed by Wibu Systems of two security vulnerabilities, that have been addressed in the WibuKey Runtime for Windows software, with the following references and CVSS 3.1 base score:
- CVE-2024-45181 - base score 8.8 - vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- CVE-2024-45182 - base score 6.5 - vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Both vulnerabilities are reported as exploitable only on the local machine and not over the network.
zenon versions 7.60 and below, which are no longer maintained, may use a version of the WibuKey Runtime, that is affected by these vulnerabilities.
COPA-DATA recommends updating installations with affected versions, to a current zenon version that is still maintained, and performing the switch from WibuKey licensing to CodeMeter licensing in the course of this update.
For systems where updating the no longer maintained zenon version is not possible, COPA-DATA recommends system integrators and asset owners to perform a risk assessment, in order to identify, if updating the affected WibuKey Runtime software to version 6.70 or higher, is needed or possible or if other mitigating options may be needed for the affected systems.