CVE-2020-8744

Published: Nov 12, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected (10)

Products: Intel: Converged Security And Management Engine, Server Platform Services, Trusted Execution Engine · Siemens: Simatic S7 1518 4 Pn/dp Mfp Firmware, Simatic S7 1518f 4 Pn/dp Mfp Firmware, Simatic S7 1500 Firmware

3 products

Converged Security And Management Engine

Server Platform Services

Trusted Execution Engine

3 products

Simatic S7 1518 4 Pn/dp Mfp Firmware

Simatic S7 1518f 4 Pn/dp Mfp Firmware

Simatic S7 1500 Firmware

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Intel Converged Security And Management Engine	Before 12.0.70
Intel Converged Security And Management Engine	From 13.0.0 to 13.0.40
Intel Converged Security And Management Engine	From 13.30.0 to 13.30.10
Intel Converged Security And Management Engine	From 14.0.0 to 14.0.45
Intel Converged Security And Management Engine	From 14.5.0 to 14.5.25
Intel Server Platform Services	Before e3_05.01.04.200
Intel Trusted Execution Engine	Before 4.0.30

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1518 4 Pn/dp Mfp Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic S7 1518 4 Pn/dp Mfp	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1518f 4 Pn/dp Mfp Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic S7 1518f 4 Pn/dp Mfp	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1500 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic S7 1500	All versions

Related CWEs

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (10)

https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf

Source: secure@intel.com

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20201113-0002/

Source: secure@intel.com

Third Party Advisory

https://security.netapp.com/advisory/ntap-20201113-0004/

Source: secure@intel.com

Third Party Advisory

https://security.netapp.com/advisory/ntap-20201113-0005/

Source: secure@intel.com

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Source: secure@intel.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20201113-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20201113-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20201113-0005/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.