VDB
SSA-331739
SSA-331739
PUBLISHED
CVSS 8.199999809265137 HIGH
Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC PDM Maintenance Station V5.0 | |
| Siemens | SIMATIC WinCC OA V3.19 | |
| Siemens | SIMATIC WinCC OA V3.18 | |
| Siemens | SIMATIC WinCC OA V3.20 |
Timeline
- Aug 12, 2025 CVE Published
- Sep 9, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-331739.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-331739.html advisory
- https://support.industry.siemens.com/cs/ww/en/view/109994004/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109989640/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109990967/ patch