OpenCVE

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Active Management Technology Firmware Converged Security Management Engine Firmware Manageability Engine Firmware
Siemens	Simatic Field Pg M5 Simatic Field Pg M5 Firmware Simatic Ipc427e Simatic Ipc427e Firmware Simatic Ipc477e Simatic Ipc477e Firmware Simatic Ipc547e Firmware Simatic Ipc547g Simatic Ipc627d Simatic Ipc627d Firmware Simatic Ipc647d Simatic Ipc647d Firmware Simatic Ipc677d Simatic Ipc677d Firmware Simatic Ipc827d Simatic Ipc827d Firmware Simatic Ipc847d Simatic Ipc847d Firmware Simatic Itp1000 Simatic Itp1000 Firmware Simatic Pc547e Simatic Pc547g Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:simatic_ipc547e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pc547e:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:simatic_pc547g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:simatic_ipc627d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc627d:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc647d:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:simatic_ipc677d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc677d:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:siemens:simatic_ipc827d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc827d:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc847d:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*

Configuration 12 [-]

OR	cpe:2.3:a:intel:converged_security_management_engine_firmware::::::::
	cpe:2.3:o:intel:active_management_technology_firmware::::::::
	cpe:2.3:o:intel:manageability_engine_firmware::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/106996
https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
https://security.netapp.com/advisory/ntap-20180924-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2018-09-12T19:00:00Z

Updated: 2024-09-16T20:01:21.908Z

Reserved: 2017-12-28T00:00:00

Link: CVE-2018-3657

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-09-12T19:29:02.840

Modified: 2023-08-17T17:43:03.567

Link: CVE-2018-3657

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object