A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.
Conclusion & alert: CVE-2021-20093 is rated High Exploit Risk (90.8/100): CVSS Critical severity, with high exploitation likelihood (EPSS 33.30%, 98th percentile). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +25.10% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 8.20% | 33.30% | +25.10% |
| 2 | 2026-03-04 | 2.72% | 8.20% | +5.48% |
| 3 | 2026-03-01 | — | 2.72% | — |
Full EPSS history (55 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.1 | 3.1 | CRITICAL |
|
3.9 | 5.2 | [email protected] |
| 6.4 | 2.0 | MEDIUM |
|
10.0 | 4.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| wibu | codemeter | <= 7.21a | cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:* |
| siemens | pss_cape | — | cpe:2.3:a:siemens:pss_cape:-:*:*:*:*:*:*:* |
| siemens | sicam_230_firmware | — | cpe:2.3:o:siemens:sicam_230_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_information_server | 2019 | cpe:2.3:a:siemens:simatic_information_server:2019:sp1:*:*:*:*:*:* |
| siemens | simatic_information_server | 2020 | cpe:2.3:a:siemens:simatic_information_server:2020:-:*:*:*:*:*:* |
| siemens | simatic_pcs_neo | < 3.1 | cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:* |
| siemens | simatic_wincc_oa | 3.17 | cpe:2.3:a:siemens:simatic_wincc_oa:3.17:-:*:*:*:*:*:* |
| siemens | simatic_wincc_oa | 3.18 | cpe:2.3:a:siemens:simatic_wincc_oa:3.18:-:*:*:*:*:*:* |
| siemens | simit_simulation_platform | >= 10.0, < 10.3 | cpe:2.3:a:siemens:simit_simulation_platform:*:*:*:*:*:*:*:* |
| siemens | simit_simulation_platform | 10.3 | cpe:2.3:a:siemens:simit_simulation_platform:10.3:-:*:*:*:*:*:* |
| siemens | sinec_infrastructure_network_services | < 1.0.1.1 | cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* |
| siemens | sinec_infrastructure_network_services | 1.0.1 | cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1:-:*:*:*:*:*:* |
| siemens | sinema_remote_connect_server | < 3.0 | cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* |
| siemens | sinema_remote_connect_server | 3.0 | cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:-:*:*:*:*:*:* |
| siemens | sinema_remote_connect_server | 3.0 | cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:sp1:*:*:*:*:*:* |
| siemens | simatic_process_historian | >= 2019, < 2020 | cpe:2.3:h:siemens:simatic_process_historian:*:*:*:*:*:*:*:* |
| siemens | simatic_process_historian | 2020 | cpe:2.3:h:siemens:simatic_process_historian:2020:-:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf | Mitigation Vendor Advisory |
| https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf | Patch Third Party Advisory |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02 | Third Party Advisory US Government Resource |
| https://www.tenable.com/security/research/tra-2021-24 | Exploit Patch Third Party Advisory |