Wibu Systems - WibuKey Runtime for Windows version - security vulnerabilties addressed WIBU-94453

Wibu Systems - WibuKey Runtime for Windows version - security vulnerabilties addressed WIBU-94453

COPA-DATA has been informed by Wibu Systems of two security vulnerabilities, that have been addressed in the WibuKey Runtime for Windows software, with the following references and CVSS 3.1 base score:
  1. CVE-2024-45181  - base score 8.8 - vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  2. CVE-2024-45182  - base score 6.5 - vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Both vulnerabilities are reported as exploitable only on the local machine and not over the network.
zenon versions 7.60 and below, which are no longer maintained, may use a version of the WibuKey Runtime, that is affected by these vulnerabilities. 

Wibu Systems provides an updated version 6.70 of the WibuKey Runtime on their website https://www.wibu.com/support/user/user-software.html

COPA-DATA recommends updating installations with affected versions, to a current zenon version that is still maintained, and performing the switch from WibuKey licensing to CodeMeter licensing in the course of this update.

For systems where updating the no longer maintained zenon version is not possible, COPA-DATA recommends system integrators and asset owners to perform a risk assessment, in order to identify, if updating the affected WibuKey Runtime software to version 6.70 or higher, is needed or possible or if other mitigating options may be needed for the affected systems.