Since 2011, our Common Vision Blox and Common Vision Blox CameraSuite software includes the CodeMeter Runtime from WIBU Systems. WIBU Systems recently published six security issues in different versions of the CodeMeter Runtime. These pose an increased risk for systems that are connected to the company network or the Internet. A successful exploitation of these security issues can not only interfere with the operation of Common Vision Blox, but may also enable the execution of foreign code (details are available at https://www.wibu.com/support/security-advisories.html).
The following versions of Common Vision Blox and Common Vision Blox CameraSuite are affected by the security issue of the CodeMeter Runtime:
| Product Variant | Affected |
|---|---|
| Windows 32 and 64 Bit | all versions since 2011 (11.00.000) |
| Linux x86_64 and i686 | all versions since 2011 (11.00.000) |
| Linux armv7l | all versions before 2019 (13.02.000) |
| Linux aarch64 | no version |
Also affected are users of older versions of Common Vision Blox prior to 2011 who have installed the “Common Vision Blox Protection Updater” to use CodeMeter dongles with these older versions.
The newly released version 13.02.004 of Common Vision Blox is not affected!
Following the recommendation of WIBU Systems we advise affected users on computers connected to their company network and/or the Internet to update the system to the recently released version 7.10a of the CodeMeter Runtime. Depending on the version of Common Vision Blox that you are using, additional steps might be necessary:
Windows (Win32 & x64)
| Version | Fix |
|---|---|
| 13.xx.xxx (2018 and later) | For Common Vision Blox 13.xx.xxx (2018 or later, up to and including 13.02.003) on Windows it is sufficient to run the CodeMeter Runtime 7.10a installer. This installer addresses Win32 as well as x64 systems. It will not be necessary to uninstall anything prior to running it. Alternatively you can upgrade to version 13.02.004 of Common Vision Blox. Head to the #downloads section and pick the version you need. |
| 11.xx.xxx and 12.xx.xxx (before 2018) | On systems running versions of Common Vision Blox published prior to 2018 additional steps in addition to the installation of the CodeMeter Runtime 7.10a (see above) will be needed to apply the fix: |
| 1. Download and install the version of the Visual C++ runtime that matches the architecture of Common Vision Blox you have installed (Win32 or x64. | |
| 2. Download an updated version of the CVB Management Service (CvMgmtSvc.exe) that matches the architecture of Common Vision Blox you have installed (Win32 or x64). | |
| 3. Now open a command prompt with administrative privileges and execute the command “net stop cvmgmtsvc”. This will terminate the running service. | |
| 4. Afterwards please replace the executable “CvMgmtSvc.exe” which is - depending on your combination of operating system architecture and architecture of Common Vision Blox - located either in C:\Windows\System32 or in C:\Windows\SysWOW64 with the executable you just downloaded. | |
| 5. Return to the command prompt with administrative privileges and execute the command “net start cvmgmtsvc”. This will start the service binary you just replaced. | |
| 6. Windows 7 users only: Open CodeMeter Control Center and from there, open the WebAdmin page (Menu: File - WebAdmin). This will open your default browser and point it to the WebAdmin page of CodeMeter. Click “Configuration”, then open the “Proxy” tab and select the option “No proxy”, then confirm by pressing “Apply”. | |
| Common Vision Blox Protection Updater | Users who have installed the Common Vision Blox Protection Updater please follow the instructions above as if they were using a 32 bit build of version 11.00.000. |
Linux (x86_64 & i686)
| Version | Fix |
|---|---|
| all | On Linux systems it is recommended to first remove the current installation by running the “uninstall.sh” script that came with the download of Common Vision Blox. Then replace the codemeter*.deb Debian package in your downloaded Common Vision Blox installation folder with the new Codemeter Runtime package that matches your architecture (download either i686 or x86_64) and run the “install.sh” script to reinstall Common Vision Blox. |
Linux (aarch64 & armv7hf)
| Version | Fix |
|---|---|
| all | For the armv7hf releases prior to version 13.02.xxx of Common Vision Blox the procedure is the same as for the PC based Linux releases (download armv7hf). Versions in the 13.02.xxx range are not affected by the security advisory and do not require any action. Releases of Common Vision Blox targeting the aarch64 platform also do not require any action. |
Alternatively, an update to the soon to be released Common Vision Blox 13.02.004 solves the problem for all variants of Common Vision Blox and the Common Vision Blox CameraSuite.
If you have further questions about the security vulnerability in the CodeMeter Runtime and the recommendations given here, please contact our support at https://www.commonvisionblox.com/en/request-support-2/ or de.support@stemmer-imaging.com.