SSA-331739

Siemens Security Advisory by Siemens ProductCERT

SSA-331739: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products

Publication Date:	2025-08-12
Last Update:	2025-08-12
Current Version:	V1.0
CVSS v3.1 Base Score:	8.2

SUMMARY

WIBU Systems published information about a privilege escalation vulnerability under a certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products.

Siemens has released new versions for affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
SIMATIC Information Server	Show more details
SIMATIC Information Server 2020 All versions affected by CVE-2025-47809	Currently no fix is available
SIMATIC Information Server 2022 All versions affected by CVE-2025-47809	Currently no fix is available
SIMATIC Information Server 2024 All versions affected by CVE-2025-47809	Currently no fix is available
SIMATIC PDM Maintenance Station V5.0 All versions affected by CVE-2025-47809	Currently no fix is available
SIMATIC Process Historian	Show more details
SIMATIC Process Historian 2020 All versions affected by CVE-2025-47809	Currently no fix is planned
SIMATIC Process Historian 2022 All versions affected by CVE-2025-47809	Currently no fix is available
SIMATIC Process Historian 2024 All versions affected by CVE-2025-47809	Currently no fix is available
SIMATIC WinCC OA	Show more details
SIMATIC WinCC OA V3.18 All versions < V3.18 P032 affected by CVE-2025-47809	Update to V3.18 P032 or later version https://support.industry.siemens.com/cs/ww/en/view/109994004/
SIMATIC WinCC OA V3.19 All versions < V3.19 P020 affected by CVE-2025-47809	Update to V3.19 P020 or later version https://support.industry.siemens.com/cs/ww/en/view/109989640/
SIMATIC WinCC OA V3.20 All versions < V3.20 P008 affected by CVE-2025-47809	Update to V3.20 P008 or later version https://support.industry.siemens.com/cs/ww/en/view/109990967/

WORKAROUNDS AND MITIGATIONS

Product-specific remediations or mitigations can be found in the section Known Affected Products.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

SIMATIC Information Server is used to report and visualize process data stored in the SIMATIC Process Historian.

SIMATIC PDM MS provides standalone field device management, diagnostics, and data acquisition capabilities across multiple communication protocols, independent of automation projects.

SIMATIC Process Historian is the long term archive system for SIMATIC PCS 7, SIMATIC WinCC and SIMATIC PCS neo. It stores process values, alarms and batch data of production plants in its database and offers historical process data to reporting and visualization applications.

SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for use in applications requiring a high degree of customer-specific adaptability, large or complex applications and projects that impose specific system requirements or functions.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2025-47809

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.

CVSS v3.1 Base Score	8.2
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE	CWE-272: Least Privilege Violation

ADDITIONAL INFORMATION

User Account Control (UAC) is a security feature in Microsoft Windows that helps prevent unauthorized changes to the operating system by prompting users for permission or an administrator password before allowing actions that could affect the computer's security.

For more details regarding the vulnerability in CodeMeter Runtime refer to:

WIBU Systems Security Advisory WIBU-100120: https://www.wibu.com/support/security-advisories/wibu-100120.html

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-08-12):

Publication Date

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.