Due to a serious security vulnerability issue in a third-party component used in Olympus application software, it is strongly advised to install the provided Service Update. This Service Update provides a newer version of the affected component that closes the vulnerability gap.
The target software is as follows:
- All editions of cellSens imaging software version 1.7 or newer
- All editions of OLYMPUS Stream imaging software
- All editions of the VS200 research slide scanner
- Version 2.9.2 of VS120 virtual slide microscope
- OLYMPUS CIX100 cleanliness inspector
- Olympus Net Image Server (NIS) SQL
Security vulnerability description:
Our survey shows there is one vulnerability, CVE-2021-20093 that correspond to our target software (see above).
CVE-2021-20093
An attacker could send a specially crafted packet that could have the CodeMeter Runtime Network Server send back packets containing data from the heap or crash the CodeMeter Runtime Server. Please see the following web sites below for details:
Security Advisory WIBU-210423-01
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf
NIST NVD
https://nvd.nist.gov/vuln/detail/CVE-2021-20093
Workaround:
Install the provided Service Update.
If auto update function is enabled, the notice to install a service update on your PC will appear.
This service update is available for the 32-bit and 64-bit versions of the following operating systems:
- Windows 10
- Windows 8.1
- Windows 7
Installation Procedure
1. Start Windows.
2. Log on with administrator rights.
3. Download the Service Update file (CodeMeter_7_21a.exe) from the link below:
https://serviceupdates.olympus-sis.com/DownloadArea
4. Confirm that all applications are closed.
5. Double-click the Service Update file.
6. If the user account control dialog is displayed, select Yes.
7. When asked if you want to install CodeMeter 7.21a, confirm with Yes.
8. A console window will appear; type ‘y’ to confirm and proceed.
9. When the setup is complete, press any key to close the console window.
10. Check the version of CodeMeter.
Right-click the CodeMeter tool on the task bar and click About to verify that it is version.
If you are using cellSens or OLYMPUS Stream software and have enabled the auto update function, please take the following actions:
1. If you are connected to the internet, the update notice dialog will appear on your PC when you start the software
Select ‘Do not tell me again and ignore the updates listed above in future checks’ on the update notice dialog, then press OK.
2. If the update notice dialog appears on your PC before updates, check the version of CodeMeter.
(a) If the version of CodeMeter is 7.21a:
Select ‘Do not tell me again and ignore the updates listed above in future checks’ on reminder dialog, then press OK.
(b) If the version of CodeMeter is NOT 7.21a:
Install the Service Update according to the above installation procedure.
Back to Product Information