SSA-201595 — Vulnetix

SSA-201595 PUBLISHED CVSS 8.199999809265137 HIGH

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.

Risk Scores

CVSS 3.1

8.199999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Siemens	SENTRON Powermanager V6
Siemens	Desigo CC family V8
Siemens	SENTRON Powermanager V7
Siemens	Desigo CC family V5.0
Siemens	Desigo CC family V6
Siemens	SENTRON Powermanager V8
Siemens	Desigo CC family V5.1
Siemens	SENTRON Powermanager V5
Siemens	Desigo CC family V7

Timeline

Aug 14, 2025 CVE Published
Mar 10, 2026 CVE Updated

References

https://cert-portal.siemens.com/productcert/csaf/ssa-201595.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-201595.html advisory
https://support.industry.siemens.com/cs/ww/en/view/109997962/ patch
https://support.industry.siemens.com/cs/ww/en/view/109771760/ patch

Open in Interactive Console →