PatchSiren cyber security CVE debrief
CVE-2024-45181 Siemens CVE debrief
An improper bounds check in WibuKey64.sys, the kernel-mode driver of the WIBU-SYSTEMS WibuKey software licensing protection system, allows a crafted packet delivered to the driver to trigger a write to an arbitrary address, corrupting kernel memory. WibuKey versions before 6.70 are affected; the issue is fixed in WibuKey 6.70. Siemens PSS(R)SINCAL ships the vulnerable WibuKey component and is therefore affected. Exploitation requires local access with low privileges, but because the write happens in kernel context it can lead to complete system compromise (confidentiality, integrity, and availability).
- Vendor: Siemens
- Product: PSS(R)SINCAL
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-10-08
- Original CVE updated: 2024-10-08
- Advisory published: 2024-10-08
- Advisory updated: 2024-10-08
Who should care
Organizations operating Siemens PSS(R)SINCAL or other industrial software relying on WibuKey licensing components should prioritize patching. System administrators managing engineering workstations, license servers, and industrial control system environments with WibuKey deployments are affected. Security teams monitoring for kernel-level vulnerabilities in third-party licensing software should assess exposure.
Technical summary
The vulnerability resides in WibuKey64.sys, the 64-bit kernel-mode driver of the WIBU-SYSTEMS WibuKey software protection and licensing system. The driver does not properly bounds-check crafted input packets, so a local attacker who can submit requests to the driver can make it write to an arbitrary kernel memory address. An arbitrary kernel write primitive can corrupt kernel data structures and is typically enough to escalate to SYSTEM, run code in kernel context, or crash the machine; because the corruption happens in ring 0, user-mode hardening on the host does not stand in its way. The CVSS 3.1 score is 8.8 (HIGH), consistent with the vector AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H: the attack vector is local with low attack complexity, low privileges are required, no user interaction is needed, and confidentiality, integrity, and availability impacts are all high. Scope is changed (S:C) because a bug in the kernel driver affects resources well beyond the licensing component's own security boundary. In practice, any local account on a host with the vulnerable driver installed, including a compromised low-privileged service account, should be treated as a potential path to full host compromise until the driver is updated.
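To make the bug class concrete, the following is an added example written for this debrief; it is not WibuKey code and does not reproduce the WibuKey64.sys packet format, which the advisory does not publish. It models a hypothetical driver request that names an offset into a fixed-size in-kernel table and supplies bytes to store there, then shows a weak bounds check (start offset only, payload length never checked against the supplied buffer) beside a hardened one, with the kernel memory simulated in user mode so the program runs stand-alone. The request layout, table size, and the guard region are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical request layout (assumed for this example, not WibuKey's):
 * the caller names an offset into a fixed-size in-kernel table and supplies
 * bytes to store there. */
struct table_write_req {
    uint32_t offset;   /* caller-controlled start offset into the table */
    uint32_t length;   /* caller-controlled number of payload bytes     */
    uint8_t  data[];   /* 'length' bytes of payload follow the header   */
};

#define TABLE_SIZE 64u   /* bytes in the in-kernel table (assumed)       */
#define GUARD_SIZE 64u   /* stand-in for unrelated kernel data after it  */

/* Simulated kernel memory: the table followed by guard bytes. A non-zero
 * guard byte after a request means the write escaped the table. */
struct kernel_region {
    uint8_t mem[TABLE_SIZE + GUARD_SIZE];
};

/* Weak validation, the "improper bounds check" bug class: only the start
 * offset is compared against the table, so a write that starts inside the
 * table but runs past its end is accepted, and 'length' is never compared
 * with the size of the buffer the caller actually handed in. */
static int check_weak(const struct table_write_req *req, size_t in_len)
{
    if (in_len < sizeof *req)
        return 0;
    if (req->offset >= TABLE_SIZE)
        return 0;
    return 1;
}

/* Hardened validation: every field is checked against both the input buffer
 * and the destination, and the end-of-write test is a subtraction so it
 * cannot wrap the way 'offset + length > TABLE_SIZE' can in 32 bits. */
static int check_strong(const struct table_write_req *req, size_t in_len)
{
    if (in_len < sizeof *req)
        return 0;                           /* header must be present   */
    if (req->length > in_len - sizeof *req)
        return 0;                           /* payload must be supplied */
    if (req->offset > TABLE_SIZE)
        return 0;                           /* start inside the table   */
    if (req->length > TABLE_SIZE - req->offset)
        return 0;                           /* end inside the table     */
    return 1;
}

/* The copy the handler performs once a request is accepted. It trusts the
 * validation step completely, which is why that step must be complete. */
static void apply_write(struct kernel_region *kr, const struct table_write_req *req)
{
    memcpy(kr->mem + req->offset, req->data, req->length);
}

/* Builds a request in an aligned buffer and runs it through a validator.
 * 'supplied' is how many payload bytes the caller really provided, which a
 * malicious caller can make smaller than the 'length' field. Returns 1 if
 * the validator accepts the request. */
static int check_req(int (*check_fn)(const struct table_write_req *, size_t),
                     uint32_t offset, uint32_t length, size_t supplied)
{
    uint32_t raw[2 + 16];                   /* 8-byte header + 64 bytes */
    struct table_write_req *req = (struct table_write_req *)raw;
    if (supplied > sizeof raw - sizeof *req)
        supplied = sizeof raw - sizeof *req;
    memset(raw, 0, sizeof raw);
    req->offset = offset;
    req->length = length;
    return check_fn(req, sizeof *req + supplied);
}

/* Constructed crafted request: 16 bytes starting 4 bytes before the table
 * ends, so 12 bytes land in the guard if the validator lets it through.
 * Returns 1 if the guard was clobbered, 0 if it is intact. */
static int guard_clobbered_after(int (*check_fn)(const struct table_write_req *, size_t))
{
    struct kernel_region kr;
    uint32_t raw[2 + 4];                    /* header + 16 payload bytes */
    struct table_write_req *req = (struct table_write_req *)raw;

    memset(kr.mem, 0, sizeof kr.mem);
    req->offset = TABLE_SIZE - 4;
    req->length = 16;
    memset(req->data, 0x41, 16);

    if (check_fn(req, sizeof raw))
        apply_write(&kr, req);

    for (size_t i = TABLE_SIZE; i < sizeof kr.mem; i++)
        if (kr.mem[i] != 0)
            return 1;
    return 0;
}

int main(void)
{
    printf("weak check   : guard %s\n", guard_clobbered_after(check_weak) ? "CLOBBERED" : "intact");
    printf("strong check : guard %s\n", guard_clobbered_after(check_strong) ? "CLOBBERED" : "intact");
    return 0;
}
```

The point of the hardened form is that it validates the request against two different sizes: the buffer the caller actually supplied (so the driver never reads past the input) and the destination table (so it never writes past the target), and it phrases the end-of-write check as `length > TABLE_SIZE - offset` after confirming `offset <= TABLE_SIZE`, which cannot overflow. In a real driver the same checks apply whether the destination is a table, a pool allocation, or a caller-provided output buffer.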
Defensive priority
HIGH
Recommended defensive actions
- Update WibuKey Runtime for Windows to version 6.70 or later to remediate the kernel driver vulnerability
- Verify the installed WibuKey Runtime version (the driver WibuKey64.sys) on every host where PSS(R)SINCAL, or any other product bundling WibuKey, has installed it, confirm it is 6.70 or later, and apply the vendor-provided update where it is not
- Apply defense-in-depth controls for industrial control systems per CISA recommended practices, including network segmentation and least-privilege access
- Monitor engineering workstations and license servers that carry the WibuKey driver for unexpected bugchecks (crashes) or anomalous driver behavior, since failed attempts to corrupt kernel memory through the driver commonly surface as system crashes
- Review Siemens security advisory SSA-368868 for product-specific guidance and additional affected product information
Evidence notes
CVE published 2024-10-08. CISA ICS advisory ICSA-24-284-09 published same date. Siemens security advisory SSA-368868 cross-referenced. Fix confirmed in WibuKey Runtime for Windows V6.70.
Official resources
- CVE-2024-45181 CVE record (CVE.org)
- CVE-2024-45181 NVD detail (NVD)
- Source item URL: cisa_csaf