
October 15, 2020

Vulnerability Notice Regarding Olympus Microscope Software

Due to a severe security vulnerability issue in a third-party component used in Olympus application software, it is strongly advised to install the provided Service Update. This Service Update provides a version of the affected component that closes the vulnerability gap.

The target software includes:

  • All editions of cellSens imaging software version 1.7 or newer
  • All editions of OLYMPUS Stream imaging software
  • All editions of the VS120 virtual slide microscope
  • All editions of the VS200 research slide scanner
  • OLYMPUS CIX100 cleanliness inspector
  • labSens
  • Olympus Net Image Server (NIS) SQL
  • IX-SCAN

Related vulnerabilities include:

CVE-2020-14509: CodeMeter Runtime DoS due to Buffer Access with Incorrect Length Value
CVE-2020-14517: CodeMeter Runtime API: Inadequate Encryption Strength and Authentication
CVE-2020-14519: CodeMeter Runtime WebSocket API: Missing Origin Validation
CVE-2020-14513: Improper Input Validation of Update Files in CodeMeter Runtime
CVE-2020-14515: Improper Signature Verification of Update Files in CodeMeter Runtime
CVE-2020-16233: CodeMeter Runtime API: Heap Leak

Our survey shows there are two vulnerabilities, CVE-2020-14509 and CVE-2020-14519, that correspond to our target products.

Please visit these links for more information:

https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

https://www.wibu.com/us/support/security-advisories.html

The Impact of the Security Vulnerability

CVE-2020-14509
If you installed the CodeMeter license server yourself, manipulated packets sent to it can cause it to crash, and code can possibly be injected and executed.

CVE-2020-14519
There is a risk that the software will not start properly due to modification of the license files.

These issues will no longer happen once you install the service update.

Workaround

Install the provided Service Update.
If the auto update function is enabled, a notice to install the service update will appear on your PC.

This service update is available for the 32-bit and 64-bit versions of the following operating systems:

  • Windows 10
  • Windows 8.1
  • Windows 7

Before installation, confirm that all applications are closed.

Installation Procedure

1. Start Windows.

2. Log on with administrator rights.

3. Download the Service Update file (CodeMeter_7_10a.exe) from the link below:

https://serviceupdates.olympus-sis.com/DownloadArea

4. Double-click the Service Update file.

5. If the user account control dialog is displayed, select Yes.

6. When asked if you want to install CodeMeter 7.10a, confirm with Yes.

7. A console window will appear; type ‘y’ to confirm and proceed.

8. When the setup is complete, press any key to close the console window.

9. Check the version of CodeMeter.
Right-click the CodeMeter tool on the task bar and click About to verify that it is version 7.10a.

If you are using cellSens or OLYMPUS Stream software and have enabled the auto update function, please take the following actions:

1. If you are connected to the internet, the update notice dialog will appear on your PC when you start the software.

Select ‘Do not tell me again and ignore the updates listed above in future checks’ on the update notice dialog, then press OK.

2. If the update notice dialog appears on your PC before updates, check the version of CodeMeter.

(a) If the version of CodeMeter is 7.10a:
Select ‘Do not tell me again and ignore the updates listed above in future checks’ on the reminder dialog, then press OK.

(b) If the version of CodeMeter is NOT 7.10a:
Install the Service Update according to the above installation procedure.
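
The checks around steps 3 to 4 and step 9 (and the 7.10a / NOT 7.10a decision above) can be scripted as follows. This is an added example, not part of the Olympus notice or the service update. It assumes the installer was saved to the Downloads folder and that the runtime registers an uninstall entry whose name contains "CodeMeter".

```powershell
# Added example, not vendor code. Assumptions: download location, and that the
# installed runtime has an uninstall entry with "CodeMeter" in its DisplayName.
param(
    [string]$Installer = "$env:USERPROFILE\Downloads\CodeMeter_7_10a.exe",
    [string]$Expected  = '7.10a'   # version label named in step 9
)

# Before double-clicking (step 4): confirm the file carries an intact signature.
function Test-InstallerSignature {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File   = $Path
        Status = $sig.Status                     # 'Valid' = unmodified and trusted chain
        Signer = $sig.SignerCertificate.Subject  # review by eye; the notice names no signer
        Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# After installation (step 9): list CodeMeter entries from both registry views.
function Get-CodeMeterInstall {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*CodeMeter*' } |
        Select-Object DisplayName, DisplayVersion
}

$sig = Test-InstallerSignature -Path $Installer
if ($sig) {
    $sig | Format-List
    if ($sig.Status -ne 'Valid') { Write-Warning 'Signature is not valid: do not run this file.' }
}

$found = @(Get-CodeMeterInstall)
if ($found.Count -eq 0) {
    Write-Output 'No CodeMeter entry found in the uninstall registry keys.'
}
foreach ($entry in $found) {
    $text  = "$($entry.DisplayName) $($entry.DisplayVersion)"
    $state = if ($text -like "*$Expected*") { 'matches' } else { 'does NOT match' }
    Write-Output "$text : $state $Expected"
}
```

A "does NOT match" line only means the label was not found in the registry entry; confirm through the About dialog as described in step 9 before deciding whether to install.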
