← Back

CVE-2018-3657

nvd nist
Published: Sep 12, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.

Affected (14)

Siemens
11 products
Simatic Field Pg M5 Firmware
Simatic Ipc427e Firmware
Simatic Ipc477e Firmware
Simatic Ipc547e Firmware
Simatic Pc547g Firmware
Simatic Ipc627d Firmware
Simatic Ipc647d Firmware
Simatic Ipc677d Firmware
Simatic Ipc827d Firmware
Simatic Ipc847d Firmware
Simatic Itp1000 Firmware
Intel
3 products
Active Management Technology Firmware
Converged Security Management Engine Firmware
Manageability Engine Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Field Pg M5 Firmware
Before 22.01.06
Running on/withPlatform Versions
Siemens
Simatic Field Pg M5
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc427e Firmware
Before 21.01.09
Running on/withPlatform Versions
Siemens
Simatic Ipc427e
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc477e Firmware
Before 21.01.09
Running on/withPlatform Versions
Siemens
Simatic Ipc477e
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc547e Firmware
Before r1.30.0
Running on/withPlatform Versions
Siemens
Simatic Pc547e
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Pc547g Firmware
Before r1.23.0
Running on/withPlatform Versions
Siemens
Simatic Ipc547g
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc627d Firmware
Before 19.02.11
Running on/withPlatform Versions
Siemens
Simatic Ipc627d
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc647d Firmware
Before 19.01.14
Running on/withPlatform Versions
Siemens
Simatic Ipc647d
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc677d Firmware
Before 19.02.11
Running on/withPlatform Versions
Siemens
Simatic Ipc677d
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc827d Firmware
Before 19.02.11
Running on/withPlatform Versions
Siemens
Simatic Ipc827d
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc847d Firmware
Before 19.01.14
Running on/withPlatform Versions
Siemens
Simatic Ipc847d
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Itp1000 Firmware
Before 23.01.04
Running on/withPlatform Versions
Siemens
Simatic Itp1000
All versions
Configuration L
3 vulnerable
Vulnerable SoftwareAffected Versions
Active Management Technology Firmware
Before 12.0.5
Converged Security Management Engine Firmware
From 11.0.0 to 12.0.5
Manageability Engine Firmware
From 9.0.0.0 to 11.0

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (12)

Source: secure@intel.com
Third Party AdvisoryVDB Entry
Source: secure@intel.com
PatchThird Party Advisory
Source: secure@intel.com
Third Party AdvisoryUS Government Resource
Source: secure@intel.com
Third Party Advisory
Source: secure@intel.com
Third Party Advisory
Source: secure@intel.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.