lifescience.evidentscientific.com.cn Open in urlscan Pro
69.234.219.95  Public Scan

Form analysis
1 forms found in the DOM

GET /en/search-results/

<form action="/en/search-results/" method="GET"><input type="text" placeholder="Enter search term(s)" name="0[CMS::Meta][search]" value=""><button type="submit">
    <sys:protect><i class="fa fa-search"></i></sys:protect>
  </button></form>

Text Content

Get in TouchGet in Touch

 * Products▾
   * Laser Scanning Microscopes
   * Super Resolution Microscopes▾
     * Super Resolution Microscope System
     * Abbelight SAFe Systems
   * Solutions-Based Systems▾
     * Inverted Imaging Platforms
     * High-Content Screening Station
     * ICSI/IMSI Platforms
     * Bioluminescence Imaging System
     * Research Slide Scanner
     * Light Sheet Microscope
     * Digital Imaging System
     * Single Slide Scanner
     * Alpha 3 Facility Edition
     * Digital Pathology Slide Scanner
   * Inverted Microscopes▾
     * Digital Imaging System
     * Compound Microscope System
     * Automated Microscope System
     * Live Cell Imaging Microscope System
     * TIRF Imaging Microscope System
     * Confocal Imaging Microscope System
     * Super Resolution Microscope System
     * Compact Cell Culture Microscopes
   * Upright Microscopes▾
     * Fluorescence Microscopes
     * Clinical Microscopes
     * Fixed Stage Microscope
     * Polarizing Microscope
     * Routine Microscopes
     * Educational Microscopes
     * Biological Microscopes
     * Laboratory Microscopes
   * Stereo Microscopes▾
     * Research Stereo Microscope System
     * Stereo Microscope System
     * Compact Stereo Microscopes
     * Dissecting Microscopes
   * Macro Zoom Microscopes▾
     * Macro Zoom Fluorescence Microscope System
   * Cell Culture and Cell Monitoring Solutions▾
     * Incubation Monitoring System
     * Compact Inverted Microscopes
   * Microscope Cameras▾
     * Digital Microscope Color Cameras
     * Digital Microscope Monochrome Cameras
   * Microscope Software▾
     * Imaging Software
     * 3D Cell Analysis Software
   * Optics and Microscope Accessories▾
     * Objectives
     * Optics
     * Light Sources
   * OEM Microscope Components for Integration
   * Customized Solutions
 * Applications▾
   * Life Science Research▾
     * Cancer Research
     * Cell Culture
     * Developmental Biology
     * Drug Discovery
     * Fluorescence Imaging
     * Live-Cell Imaging
     * Molecular Cell Biology
     * Neuroscience
     * Regenerative Medicine
   * Clinical▾
     * Clinical Laboratory Test
     * Conference
     * IVF/ICSI
     * Pathology and Cytology
   * Education
   * OEM Microscope Components for Integration
 * Blog
 * Resources
 * Learn
 * Support▾
   * Contact Us
   * Service Center
   * Software Downloads
   * Instruction Manual Downloads
   * Discontinued Products
   * SDS
   * Certificates & Quality Standards
   * Compliance and Ethics at Evident
   * EVIDENT Modern Slavery Act Statement
   * Product Information


   What is EVIDENT?
 * 
 * Search

DE
DE   |   EN | 简体中文 (Simplified Chinese)
Life Science Solutions


PRODUCT INFORMATION



Home/ Product Information

1 March, 2024


SOFTWARE VULNERABILITIES NOTICE REGARDING EVIDENT MICROSCOPE SOFTWARE

Due to a severe security vulnerability issue in a third-party component used in
Evident Application Software, it is strongly advised to install the provided
Service Update. This Service Update provides a version of the affected component
that closes the vulnerability gap.

The target software is as follows.

 * cellSens
   Entry, Standard, Dimension, Dimension Desktop, APEX Version 3.2 or later
   (launched 2021)
 * VS120
   VS-ASW, VS-Desktop, DB Admin, NIS / SQL Version 2.9.2 or later (launched
   2019)
 * VS200
   VS200-ASW, VS200-Desktop, DB Admin, NIS / SQL Version 3.1 or later (launched
   2019)
 * OLYMPUS Stream
   Current: Stream Enterprise, Stream Enterprise Desktop, SFR
   Legacy: Stream Start, Stream Basic, Stream Essentials, Stream Motion, Stream
   Desktop)
   Version 2.4 or later (launched 2019)
 * CIX
   CIX-ASW, CIX-SZX Version 1.4 or later (launched 2019)
 * PRECiV
   Capture, Core, Pro, Desktop, DSX Version 1.1 or later (launched 2022)
 * DP2-AOU Version 1.1 or later (launched 2020)

As a result of our survey, it revealed that there are two vulnerabilities.

CVE-2023-3935: A heap buffer overflow vulnerability in Wibu CodeMeter Runtime
CVE-2023-38545: This flaw makes curl overflow a heap based buffer in the SOCKS5
proxy handshake

Please see for more information.

Product Security Advisory WIBU-230704-01-v3.0
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf

Product Security Advisory WIBU-231017-01
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-231017-01.pdf

NIST(*1) NVD(*2)
https://nvd.nist.gov/vuln/detail/CVE-2023-3935
https://nvd.nist.gov/vuln/detail/CVE-2023-38545

(*1) NIST: National Institute of Standards and Technology
(*2) NVD: National Vulnerability Database

THE IMPACT OF THE SECURITY VULNERABILITY

CVE-2023-3935
The impact depends on where CodeMter is installed.

a) CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server
Successful exploitation of this vulnerability could allow an unauthenticated
remote attacker to execute code on vulnerable products.

b) CodeMeter Runtime is configured as a client
An authenticated local attacker to gain root/admin privileges on vulnerable
products.

CVE-2023-38545
Customer floating license server and listed applications above use the affected
CodeMeter Runtime which internally use the libcurl in a version that is
vulnerable to a buffer overflow attack if curl is configured to redirect traffic
through a SOCKS5 proxy.
A malicious proxy can exploit a bug in the implemented handshake to cause a
buffer overflow.

If you have installed the CodeMeter license server yourself, sending manipulated
packets can cause a crash of it or possibly code can be smuggled in and
executed.

WORKAROUND

Install the provided Service Update.
If auto update function is enabled, it appears the notice to install service
update on your PC.

(For DP2-AOU users)
Please refer to the "Installing dedicated device drivers" section of the
instruction manual and prepare to apply the update.
Furthermore, if you have enabled DP2-AVS (Antivirus software license), please
also refer to "Preparing to launch the installation/update program" section of
the instruction manual.

This service update is available for the following operating systems.

 * Windows 10 (32-bit / 64-bit)
 * Windows 8 / 8.1 (32-bit / 64-bit)
 * Windows 11 (64-bit)
 * Windows Server 2012 (64-bit)
 * Windows Server 2016 (64-bit)
 * Windows Server 2019 (64-bit)
 * Windows Server 2022 (64-bit)

CONFIRMATION BEFORE INSTALLATION

Make sure that all applications are closed.

INSTALLATION PROCEDURE

1. Start Windows.

2. Log on with administrator rights.

3. Download the Service Update file (CodeMeter_7_60d.exe) from the below.
https://serviceupdates.olympus-sis.com/DownloadArea

4. Make sure that all applications are closed.

5. Double-click the Service Update file.

6. If the user account control dialog is displayed, select 'Yes'.

7. When you are asked if you want to install CodeMeter 7.60d confirm with ‘Yes’.



8. A console window appears, type ‘y’ to confirm and proceed.



9. When the setup is complete, press any key to close the console window.



10. Check the version of CodeMeter.
Right-click from the CodeMeter tool on the task bar and click ‘About’ to verify
that it is version 7.60d.



(For DP2-AOU users)
Launch "CodeMeter Control Center" from the Windows menu, then select "About
CodeMeter Control Center" from the menu of the application and verify that it is
version 7.60d.







If you are using the cellSens or Stream, and have enabled the auto update
function, please take the following actions.

1. If you are connected to the internet, it appears the update notice dialog on
your PC when you start the software.



Select ‘Do not tell me again and ignore the updates listed above in future
checks’ on Update notice dialog, then press ‘OK’.



2. If it appears the update notice dialog on your PC before updates, check the
version of CodeMeter.

(a) The case that the version of CodeMeter is 7.60d.
Select ‘Do not tell me again and ignore the updates listed above in future
checks’ on reminder dialog, then press ‘OK’.



(b) The case that the version of CodeMeter is NOT 7.60d.
Install the Service Update according to the above installation procedure.





Back to Product Information






 * 
 * Contact UsContact Us
 * 
 * 

 * Subscribe to Mailing ListSubscribe to Mailing List


  Print

 * Microscopes▾
   * Laser Scanning Microscopes
   * Super Resolution Microscopes
   * Inverted Microscopes
   * Upright Microscopes
   * Stereo Microscopes
   * Research Macro Zoom Microscopes
 * Solution Based Systems▾
   * Inverted Imaging Platforms
   * High-Content Screening Station
   * ICSI/IMSI Platforms
   * Bioluminescence Imaging System
   * Research Slide Scanner
   * Light Sheet Microscope
   * Digital Imaging System

 * Cell Culture Equipment▾
   * Compact Cell Culture Microscopes
 * Cameras▾
   * Color Cameras
   * Monochrome Cameras
 * Software▾
   * Imaging Software

 * Optics & Accessories▾
   * Objectives
   * Optics
   * Light Sources
 * Featured Pages▾
   * Industrial Microscopes
   * Microscope Resource Center
   * Image of the Year

 * Support▾
   * Contact Us
   * Service Center
   * Software Downloads
   * Discontinued Products
   * Product Information
   * SDS
   * Certificates & Quality Standards

Copyright Evident, All rights reserved. 沪ICP备2022019749号

Terms Of Use | Privacy Notice | Cookies | Cookie Settings | About Us





   沪公网安备 31010402009913号


Cancel




REDIRECTING

You are being redirected to our local site.

Attention: Please enable JavaScript