Product Security Updates
19.10.2020 - Important Security Notice
Vulnerabilities in Image Acquisition software regarding security for the following Imaging Software and Products:
LAS AF | LMD | PAULA | LAS X versions for Confocal, Widefield, and Industry
Recommendation for Corrective Action
Leica Microsystems strongly recommends checking your current version and ensuring that the system setup is up-to-date using the solutions described below. If you are still using one of the software versions listed, please follow these instructions to update your system as soon as possible. To learn about the technical background of the vulnerability, which will be solved by following these instructions, please see “Description of the Problem and Potential Risk” at the end of this page.
Security Advice – Step by Step Solution Description
- Please select the software that you are using in the tabs below
- Lookup the entry for your version and system in the table and follow the instructions (Note: You can find the version number of your software by selecting ‘About…’ in the ‘Help’ menu)
If you have additional questions, you can also contact your Leica Technical Support. In general, we strongly advise that you do not accept any certificates and licenses from untrusted sources and avoid visiting potential malicious websites.
Version | System | Solution Description |
| 3.0.0 and higher | SP8 | Please contact your Leica Technical Support to implement the update to version 3.5.7. If you do not want to update your software at the moment, please follow the instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| Other | All | Solution: Block the TCP port 22350 To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
Version | System | Solution Description |
| 8.x.x | All | Solution: Update to version 8.2.3 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LMD_8.2.3.7603.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
| 7.x.x | All | Solution: Update to version 8.2.3 Please note that this update is tested only for systems with Windows 10. If you run another version of Windows, please contact your Leica Technical Support for Windows 10 upgrade options. For Windows 10: 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LMD_8.2.3.7603.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
Version | System | Solution Description |
| 1.x.x | All | Solution: Update to version 1.2.3
|
Version | System | Solution Description |
| 1.x.x | Confocal LifeScience System | Please contact your Leica Technical Support to implement the update to version 3.5.7. If you do not want to update your software at the moment, please follow the instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 1.x.x up to 3.0.11 | Industry System | Update to version 3.0.15 This update is tested only for systems with Windows 10. 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.0.15_23304_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
| 1.0.0 up to 3.6.0 | Widefield LifeScience System | Solution: Update to version 3.6.1 |
| 2.0.0 | Confocal LifeScience System | Please contact your Leica Technical Support to implement the update to version 3.5.7. If you do not want to update your software at the moment, please follow the instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 2.0.1 or 2.0.2 | Confocal LifeScience System | If you are using advanced modalities such as STED or DIVE, please contact your Leica Technical Support to implement the update to version 3.5.7. If you own a customized solution or you do not want to update your software at the moment, please follow the instructions bewlow to block the TCP port 22350. If you are working with standard confocal only, please follow the instructions below. Update to version 3.5.7 (standard confocal mode operation only) 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 3.0.12 up to 3.0.13 | Industry System | Solution: Update to version 3.0.14 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.0.14_23224_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
| 3.1.0 | Confocal LifeScience System | If you are using advanced modalities such as STED or DIVE, please contact your Leica Technical Support to implement the update to version 3.5.7. If you own a customized solution or you do not want to update your software at the moment, please follow the instructions bewlow to block the TCP port 22350. If you are working with standard confocal only, please follow the instructions below. Update to version 3.5.7 (standard confocal mode operation only) 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 3.1.1 | Confocal LifeScience System | If you are using advanced modalities such as STED or DIVE, please contact your Leica Technical Support to implement the update to version 3.5.7. If you own a customized solution or you do not want to update your software at the moment, please follow the instructions bewlow to block the TCP port 22350. If you are working with standard confocal only, please follow the instructions below. Update to version 3.5.7 (standard confocal mode operation only) 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 3.1.2 | Confocal LifeScience System | Solution: Update to version 3.5.7 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
| 3.1.5 | Confocal LifeScience System | If you are using advanced modalities such as STED or DIVE, please contact your Leica Technical Support to implement the update to version 3.5.7. If you own a customized solution or you do not want to update your software at the moment, please follow the instructions bewlow to block the TCP port 22350. If you are working with standard confocal only, please follow the instructions below. Update to version 3.5.7 (standard confocal mode operation only) 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 3.4.0 | Confocal LifeScience System | If you are using advanced modalities such as STED or DIVE, please contact your Leica Technical Support to implement the update to version 3.5.7. If you own a customized solution or you do not want to update your software at the moment, please follow the instructions bewlow to block the TCP port 22350. If you are working with standard confocal only, please follow the instructions below. Update to version 3.5.7 (standard confocal mode operation only) 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 3.5.0 | Confocal LifeScience System | If you are using advanced modalities such as STED or DIVE, please contact your Leica Technical Support to implement the update to version 3.5.7. If you own a customized solution or you do not want to update your software at the moment, please follow the instructions bewlow to block the TCP port 22350. If you are working with standard confocal only, please follow the instructions below. Update to version 3.5.7 (standard confocal mode operation only) 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 3.5.1 | Confocal LifeScience System | If you are using advanced modalities such as STED or DIVE, please contact your Leica Technical Support to implement the update to version 3.5.7. If you own a customized solution or you do not want to update your software at the moment, please follow the instructions bewlow to block the TCP port 22350. If you are working with standard confocal only, please follow the instructions below. Update to version 3.5.7 (standard confocal mode operation only) 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 3.5.2 | Confocal LifeScience System | If you are using advanced modalities such as STED or DIVE, please contact your Leica Technical Support to implement the update to version 3.5.7. If you own a customized solution or you do not want to update your software at the moment, please follow the instructions bewlow to block the TCP port 22350. If you are working with standard confocal only, please follow the instructions below. Update to version 3.5.7 (standard confocal mode operation only) 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 3.5.5 | Confocal LifeScience System | If you are using advanced modalities such as STED or DIVE, please contact your Leica Technical Support to implement the update to version 3.5.7. If you own a customized solution or you do not want to update your software at the moment, please follow the instructions bewlow to block the TCP port 22350. If you are working with standard confocal only, please follow the instructions below. Update to version 3.5.7 (standard confocal mode operation only) 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 3.5.6 | Confocal LifeScience System | If you are using advanced modalities such as STED or DIVE, please contact your Leica Technical Support to implement the update to version 3.5.7. If you own a customized solution or you do not want to update your software at the moment, please follow the instructions bewlow to block the TCP port 22350. If you are working with standard confocal only, please follow the instructions below. Update to version 3.5.7 (standard confocal mode operation only) 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_3.5.7_23225_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. instructions below to block the TCP port 22350. To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 3.7.0 up to 3.7.2 | Widefield LifeScience System | Solution: Update to version 3.7.3 |
| All Versions | Widefield LifeScience Systems GSD, TIRF-Confical | Solution: Block the TCP port 22350 To stop attackers from being able to exploit the vulnerability, the TCP port 22350 needs to be blocked in the network communication. It can be done either in your local Windows system (instructions for LAS X and PAULA and instructions for LMD instruments) or in your organization’s network firewall system. Please contact your IT admin for support to block the TCP port 22350. Once this port is blocked, you can continue working with your imaging software. In case activation of licenses might be blocked, please use the file-based activation via e-mail. |
| 4.0.1 | Confocal LifeScience System | Solution: Update to version 4.1.1 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_4.1.1_23273_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
| 4.0.2 | Confocal LifeScience System | Solution: Update to version 4.1.1 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_4.1.1_23273_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
| 4.1.0 | Confocal LifeScience System | Solution: Update to version 4.1.1 1) To install the new version, first download the zip file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_4.1.1_23273_Setup.zip 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
| Offline | Confocal LifeScience System (Legacy) | Solution: Update to offline version 3.5.7 1) To install the new version, first download the executable file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_Small_3.5.7_23225_Setup.exe 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
| Offline | Confocal LifeScience System (STELLARIS) | Solution: Update to offline version 4.1.1 1) To install the new version, first download the executable file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_Small_4.1.1_23273_Setup.exe 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
| Offline | Widefield LifeScience System | Solution: Update to offline version 3.7.3 1) To install the new version, first download the executable file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_Small_3.7.3_23245_Setup.exe 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
| Offline | Industry System | Solution: Update to offline version 3.0.14 1) To install the new version, first download the executable file from the following link webshare3.leica-microsystems.com/downloads/LAS_X_Small_3.0.14_23224_Setup.exe 2) Unzip the ZIP file on your local computer 3) From the unzipped files start the file Setup.exe (run as administrator) 4) Follow the instructions of the installation program If you have blocked the TCP port 22350 in the network or on your local machine as a temporary protection, you can unblock it now that you have installed the update. |
FAQs
Q: Is there a guide on how to block the TCP port 22350 in Windows 7?
A: Please use the following guidelines for Windows 7 based systems: Windows 7 Work Instructions.
Q: To block the TCP port 22350, I need an admin password for my Windows PC. What is the password for the admin account?
A: Please contact your local IT department. In case the PC was delivered by Leica Microsystems as part of a system solution, please contact technical service via the Service Portal.
Q: I assume that the vulnerability is with your application software only, but because we use the Leica SDK hardware, I would like to know whether it is also affected?
A: This issue does not affect the Leica SDK hardware for developers nor the Hardware Configurator, because they do not install and do not use the vulnerable component.
Q: Does the current security issue also affect the free LASX offline packages?
A: Yes, this affects also the free LASX offline packages.
Q: I want to solve this issue myself ASAP and noticed that WIBU provides the latest CodeMeter version on their web page. Can I update the CodeMeter software to the latest version to fix the security issue myself?
A: No, you need to install the next released software version from Leica Microsystems to solve this security issue. The release will be communicated on our webpage.
Q: Where can I find the release notes for the new software versions listed above?
A: The release notes for the individual versions can be found at the following links
- LASX 3.0.14: LAS_X_3.0.14_ReleaseNotes_Industry.pdf
- LASX 3.0.15: LAS_X_3.0.15_ReleaseNotes_Industry.pdf
- LASX 3.5.7: LAS_X_3.5.7_ReleaseNotes.pdf
- LASX 3.6.1: LAS_X_3.6.1_ReleaseNotes_Widefield.pdf
- LASX 3.7.3: LAS_X_3.7.3_ReleaseNotes_Widefield.pdf
- LAS X 4.1.1: LAS_X_4.1.1_ReleaseNotes.pdf
- LASX Offline Version Widefield Life Science Systems: LAS_X_3.7.3_ReleaseNotes_Widefield.pdf
- LASX Offline Version Applied Microscopy: LAS_X_3.0.14_ReleaseNotes_Industry.pdf
- LASX Offline Version 3.5.7 Confocal Life Science Systems Microscopy: LAS_X_3.5.7_ReleaseNotes.pdf
- LASX Offline Version 4.1.1 Confocal Life Science Systems Microscopy: LAS_X_4.1.1_ReleaseNotes.pd
- LMD 8.2.3: LMDWhatsNew_823.pdf
- Paula 1.2.3: PAULA_ReleaseNotes_1.2.3.pdf
Description of the Problem and Potential Risk
The software vendor WIBU Systems disclosed vulnerabilities in their product CodeMeter. This product is widely used in the industry for license management and is also embedded in image acquisition software from Leica Microsystems (in product lines LAS X , LAS AF, PAULA, LMD). The ability to exploit the vulnerability is limited to computers connected to a network. In a worst-case scenario, an attacker could cause a denial-of-service condition and attain remote code execution on the PC where the acquisition software is installed.
In general, please do not accept any certificates and licenses from untrusted sources and avoid visiting potentially malicious websites.
More information
For more details regarding the vulnerabilities in CodeMeter Runtime refer to:
- CISA Industrial Control Systems Advisory ICSA-20-203-01
- WIBU Systems Security Advisories
- WIBU Systems CodeMeter Runtime (please note: Using the latest version of the license component as a patch may result in limited functionality of your imaging software. Therefore, we recommend that you block the TCP port 22350 in the firewall as described above.)