Do I still have to install the update?Ī: If you host a CmWAN server, make sure that access over the Internet is possible only with credentials and that attackers cannot gain access to your network. Q: My systems are running in a protected environment. You must apply the update on all systems on which you have CmWAN enabled. Q: Do I have to install the update on all systems?Ī: If CmWAN is enabled, CodeMeter Runtime is affected on all platforms (Windows, macOS, Linux). If configured this way, CVE-2021-20093 cannot be exploited. The CmWAN server is deactivated, if the log states "Run as CmWAN server: no". Q: How can I verify that CmWAN is deactivated?Ī: Upon starting CodeMeter, the logging – visible, for example, in the Events tab of CodeMeter Control Center – logs whether the CmWAN server is active. In this scenario, only authenticated users could exploit the vulnerability over the Internet. The CmWAN servers can be accessed via the Internet, but access is protected by credentials. When CmWAN is enabled, an attacker must have access either to the system itself or to a system on the same network to exploit the vulnerability. ![]() If you do not have it enabled, CVE-2021-20094 does not affect you. CodeMeter with a SAP back office solutionįAQ last updated: Frequently Asked Questions (Q&A) Q: How critical is the situation in practice?Ī: CmWAN is disabled by default. ![]() ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |