Product Security Updates
Find the latest product detail information.
Subscribe now to stay up to date on the latest Leica product data security vulnerabilities and privacy issues
List of Updates
December 2023 - Security vulnerability in licensing component used by Leica Microsystems software
Description of the Problem and Potential Risk
Software vendor, Wibu-Systems, has disclosed vulnerabilities in its CodeMeter product (CVE-2023-3935). This product is widely used in the industry for license management and is also embedded in image acquisition software from Leica Microsystems (see detailed list below). The ability to exploit this vulnerability is limited to computers that are connected to a network. The flaw can be exploited by a remote, unauthenticated attacker for arbitrary code execution if CodeMeter Runtime is configured as a server. If CodeMeter Runtime is configured as a client, the bug can allow an authenticated local attacker to escalate privileges to root on the PC where the acquisition software is installed.
Remediation
Wibu-Systems recommends in their Security Advisory WIBU-230704-01-v3.1 to install CodeMeter Runtime version 7.60d. Updating CodeMeter to Version 7.60d has been tested with the Leica Microsystems software versions listed below and the installer is available from the Leica Microsystems download page .
When installing CodeMeter Runtime 7.60d, follow the instructions and keep the default settings to ensure a smooth experience.
Leica Microsystems recommends updating to versions higher than mentioned above, as these will use versions of CodeMeter that include the security patch for this vulnerability.
More information
For more details regarding the vulnerabilities in CodeMeter Runtime, please refer to:
- Official Common Vulnerabilities and Exposures (CVE) record
- Wibu-Systems Security Advisories
- Wibu-Systems CodeMeter Runtime 7.60d (download from Leica Microsystems)