## 1. EXECUTIVE SUMMARY
* **CVSS v3 7.8**
* **ATTENTION:** Low attack complexity
* **Vendor:** Siemens
* **Equipment:** SIMATIC S7-1500 CPU 1518F-4
* **Vulnerabilities:** Improper Initialization, Improper Restriction of Operations within the Bounds of a Memory Buffer
## 2. RISK EVALUATION
Successful exploitation of these Intel product vulnerabilities could allow unauthorized privilege escalation.
## 3\. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following versions of SIMATIC S7-1500 CPU 1518-4 are affected by vulnerabilities in Intel products:
* SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0, 6AG1518-4AX00-4AC0, incl. SIPLUS variant): All versions
* SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0): All versions
### 3.2 VULNERABILITY OVERVIEW
#### 3.2.1 [IMPROPER INITIALIZATION CWE-665](<https://cwe.mitre.org/data/definitions/665.html>)
Improper initialization in subsystem for Intel(R) CSME may allow a privileged user to enable escalation of privilege via local access.
[CVE-2020-8744](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8744>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).
#### 3.2.2 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to enable escalation of privilege via local access.
[CVE-2020-0591](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0591>) has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H>)).
### 3.3 BACKGROUND
* **CRITICAL INFRASTRUCTURE SECTORS:** Multiple
* **COUNTRIES/AREAS DEPLOYED:** Worldwide
* **COMPANY HEADQUARTERS LOCATION:** Germany
### 3.4 RESEARCHER
Siemens reported these vulnerabilities to CISA.
## 4. MITIGATIONS
Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
* As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code if possible.
* Applying a Defense-in-Depth concept can help to reduce the probability that untrusted code is run on the system. Siemens recommends applying the [Defense-in-Depth concept](<https://www.siemens.com/industrialsecurity>).
For additional information, please refer to Siemens Security Advisory [SSA-501073](<https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf>).
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
* Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).
* Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).
Additional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>).
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
* Do not click web links or open unsolicited attachments in email messages.
* Refer to [Recognizing and Avoiding Email Scams](<https://us-cert.cisa.gov/sites/default/files/publications/emailscams_0905.pdf>) for more information on avoiding email scams.
* Refer to [Avoiding Social Engineering and Phishing Attacks](<https://us-cert.cisa.gov/ncas/tips/ST04-014>) for more information on social engineering attacks.
No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.
### Vendor
Siemens
versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.\n\n * [CVE-2020-8744](<https://vulners.com/cve/CVE-2020-8744>)\n\nImproper initialization in subsystem for Intel(R) CSME versions before 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.\n\n * [CVE-2020-8745](<https://vulners.com/cve/CVE-2020-8745>)\n\nInsufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\n * [CVE-2020-8756](<https://vulners.com/cve/CVE-2020-8756>)\n\nImproper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-26T07:29:00", "type": "f5", "title": "Intel software vulnerabilities CVE-2020-8705, CVE-2020-8744, CVE-2020-8745, CVE-2020-8756", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 
3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8756"], "modified": "2020-11-26T07:29:00", "id": "F5:K61095244", "href": "https://support.f5.com/csp/article/K61095244", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "intel": [{"lastseen": "2023-02-08T18:04:14", "description": "### Summary: \n\nPotential security vulnerabilities in the BIOS firmware for some Intel\u00ae Processors may allow escalation of privilege or denial of service.** **Intel is releasing firmware updates to mitigate this potential vulnerability.\n\n### Vulnerability Details:\n\nCVEID: [CVE-2020-0590](<https://vulners.com/cve/CVE-2020-0590>)\n\nDescription: Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.7 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H>)\n\nCVEID: [CVE-2020-0587](<https://vulners.com/cve/CVE-2020-0587>)\n\nDescription: Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L>)\n\nCVEID: [CVE-2020-0591](<https://vulners.com/cve/CVE-2020-0591>)\n\nDescription: Improper 
buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-0593](<https://vulners.com/cve/CVE-2020-0593>)\n\nDescription: Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 4.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:L>)\n\nCVEID: [CVE-2020-0588](<https://vulners.com/cve/CVE-2020-0588>)\n\nDescription: Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 3.8 Low\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N>)\n\nCVEID: [CVE-2020-0592](<https://vulners.com/cve/CVE-2020-0592>)\n\nDescription: Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.\n\nCVSS Base Score: 3.0 Low\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L>)\n\n### Affected Products:\n\n2nd Generation Intel\u00ae Xeon\u00ae Scalable and Intel\u00ae Xeon\u00ae Scalable Processors\n\n * CVE-2020-0590\n * CVE-2020-0591\n * CVE-2020-0592\n * CVE-2020-0593\n * CVE-2020-0587\n * CVE-2020-0588\n\nIntel\u00ae Xeon\u00ae Processor D Family, Intel\u00ae Xeon\u00ae Processor E5 v4 Family and Intel\u00ae 
Xeon\u00ae Processor E5 v3 Family \n\n * CVE-2020-0591\n * CVE-2020-0592\n\n10th Generation Intel\u00ae Core\u2122 processors, 9th Generation Intel\u00ae Core\u2122 processors, 8th Generation Intel\u00ae Core\u2122 processors, 7th Generation Intel\u00ae Core\u2122 processors, 6th Generation Intel\u00ae Core\u2122 processors and\n\nIntel\u00ae Core\u2122 Processors with Intel\u00ae Hybrid Technology \n\n * CVE-2020-0593\n\nIntel\u00ae Xeon\u00ae Processor E7 v4 Family and Intel\u00ae Xeon\u00ae Processor E7 v2 Family \n\n * CVE-2020-0592\n\nIntel\u00ae Core\u2122 X-series Processors and Intel\u00ae Xeon\u00ae Processor W Family \n\n * CVE-2020-0587\n * CVE-2020-0591\n * CVE-2020-0592\n * CVE-2020-0593\n\nIntel\u00ae Xeon\u00ae Processor D Family, Intel\u00ae Xeon\u00ae W Processor and Intel\u00ae Core\u2122 X-series Processors\n\n * CVE-2020-0591\n * CVE-2020-0592\n * CVE-2020-0593\n\n### Recommendations: \n\n\nIntel recommends that users of the affected products update to the latest BIOS firmware provided by the system manufacturer that addresses these issues.\n\n### Acknowledgements:\n\nThese issues were found internally by Intel employees. 
Intel would like to thank, Nagaraju N Kodalapura and Hareesh Khattri for CVE-2020-0590, Jorge E Gonzalez Diaz for CVE-2020-0588, Nicholas Armour for CVE-2020-0587, and Brent Holtsclaw for CVE-2020-0591 and CVE-2020-0591.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "intel", "title": "2020.2 IPU \u2013 BIOS\u00a0Advisory", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-0587", "CVE-2020-0588", "CVE-2020-0590", "CVE-2020-0591", "CVE-2020-0592", "CVE-2020-0593"], "modified": "2020-11-10T00:00:00", "id": "INTEL:INTEL-SA-00358", "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-08T18:04:14", "description": "### Summary: \n\nPotential security vulnerabilities in Intel\u00ae Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel\u00ae Trusted Execution Engine (TXE), Intel\u00ae Dynamic Application Loader (DAL), Intel\u00ae Active Management Technology (AMT), Intel\u00ae Standard Manageability (ISM) and Intel\u00ae Dynamic Application Loader (Intel\u00ae DAL) may allow escalation of privilege, denial of service or information disclosure.** **Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.\n\nIntel is not releasing updates to mitigate a potential vulnerability and has issued a Product Discontinuation Notice for Intel\u00ae DAL SDK.\n\n### Vulnerability Details:\n\nCVEID: [CVE-2020-8752](<https://vulners.com/cve/CVE-2020-8752>)\n\nDescription: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable 
escalation of privileges via network access.\n\nCVSS Base Score: 9.4 Critical\n\nCVSS Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L>)\n\nCVEID: [CVE-2020-8753](<https://vulners.com/cve/CVE-2020-8753>)\n\nDescription: Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.\n\nCVSS Base Score: 8.2 High\n\nCVSS Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L>)\n\nCVEID: [CVE-2020-12297](<https://vulners.com/cve/CVE-2020-12297>)\n\nDescription: Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.\n\nCVSS Base Score: 8.2 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-12304](<https://vulners.com/cve/CVE-2020-12304>)\n\nDescription: Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access.\n\nCVSS Base Score: 8.2 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-8745](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020->)\n\nDescription: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 
, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nCVSS Base Score: 7.3 High\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N>)\n\nCVEID: [CVE-2020-8744](<https://vulners.com/cve/CVE-2020-8744>)\n\nDescription: Improper initialization in subsystem for Intel(R) CSME versions before 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel\u00ae TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.2 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N>)\n\nCVEID: [CVE-2020-8705](<https://vulners.com/cve/CVE-2020-8705>)\n\nDescription: Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.82, 11.12.82, 11.22.82, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-8750](<https://vulners.com/cve/CVE-2020-8750>)\n\nDescription: Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.0 High\n\nCVSS Vector: 
[CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-12303](<https://vulners.com/cve/CVE-2020-12303>)\n\nDescription: Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel\u00ae TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.\n\nCVSS Base Score: 7.0 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)\n\nCVE ID: [CVE-2020-12354](<https://vulners.com/cve/CVE-2020-12354>)\n\nDescription: Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-8757](<https://vulners.com/cve/CVE-2020-8757>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L>)\n\nCVEID: [CVE-2020-8756](<https://vulners.com/cve/CVE-2020-8756>)\n\nDescription: Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.3 Medium\n\nCVSS Vector: 
[CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L>)\n\nCVEID: [CVE-2020-8760](<https://vulners.com/cve/CVE-2020-8760>)\n\nDescription: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.0 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L>)\n\nCVE ID: [CVE-2020-12355](<https://vulners.com/cve/CVE-2020-12355>)\n\nDescription: Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nCVSS Base Score: 5.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N>)\n\nCVEID: [CVE-2020-8751](<https://vulners.com/cve/CVE-2020-8751>)\n\nDescription: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.\n\nCVSS Base Score: 5.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N>)\n\nCVEID: [CVE-2020-8754](<https://vulners.com/cve/CVE-2020-8754>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.\n\nCVSS Base Score: 5.3 Medium\n\nCVSS Vector: 
[CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N>)\n\nCVEID: [CVE-2020-8761](<https://vulners.com/cve/CVE-2020-8761>)\n\nDescription: Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access.\n\nCVSS Base Score: 4.9 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N>)\n\nCVEID: [CVE-2020-8747](<https://vulners.com/cve/CVE-2020-8747>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.\n\nCVSS Base Score: 4.8 Medium\n\nCVSS Vector: [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L>)\n\nCVEID: [CVE-2020-8755](<https://vulners.com/cve/CVE-2020-8755>)\n\nDescription: Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nCVSS Base Score: 4.6 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N>)\n\nCVE ID: [CVE-2020-12356](<https://vulners.com/cve/CVE-2020-12356>)\n\nDescription: Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.\n\nCVSS Base Score: 4.4 Medium\n\nCVSS Vector: 
[CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N>)\n\nCVEID: [CVE-2020-8746](<https://vulners.com/cve/CVE-2020-8746>)\n\nDescription: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.\n\nCVSS Base Score: 4.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>)\n\nCVEID: [CVE-2020-8749](<https://vulners.com/cve/CVE-2020-8749>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n\nCVSS Base Score: 4.2 Medium\n\nCVSS Vector: [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)\n\n### Affected Products:\n\n * Intel\u00ae CSME and Intel\u00ae AMT versions before 11.8.82, 11.12.82, 11.22.82, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25.\n * Intel\u00ae TXE versions before 3.1.80 and 4.0.30.\n * Intel\u00ae Server Platform Services firmware versions before SPS_E5_04.01.04.400, SPS_E3_05.01.04.200, SPS_E3_04.01.04.200, SPS_SoC-X_04.00.04.200 and SPS_SoC-A_04.00.04.300. 
\n\n\nThe following CVEs assigned by Intel, correspond to a subset of the CVEs disclosed on 12/18/2020 as part of [ICSA-20-353-01](<https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01>):\n\nDisclosed in INTEL-SA-00391\n\n| \n\nDisclosed in [ICSA-20-353-01](<https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01>) \n \n---|--- \n \nCVE-2020-8752\n\n| \n\nCVE-2020-27337 \n \nCVE-2020-8753\n\n| \n\nCVE-2020-27338 \n \nCVE-2020-8754\n\n| \n\nCVE-2020-27336 \n \nNote: Firmware versions of Intel\u00ae ME 3.x thru 10.x, Intel\u00ae TXE 1.x thru 2.x, and Intel\u00ae Server Platform Services 1.x thru 2.X are no longer supported versions. There is no new general release planned for these versions.\n\n### Recommendations:\n\nIntel recommends that users of Intel\u00ae CSME, Intel\u00ae TXE, Intel\u00ae AMT and Intel\u00ae SPS update to the latest version provided by the system manufacturer that addresses these issues.\n\nThe Intel\u00ae AMT SDK is available for download [here](<https://software.intel.com/content/www/us/en/develop/download/intel-active-management-technology-sdk.html>). \n\nIntel has issued a Product Discontinuation notice for the Intel\u00ae DAL SDK and recommends that users of the Intel\u00ae DAL SDK uninstall it or discontinue use at their earliest convenience.\n\n### Acknowledgements:\n\nIntel would like to thank Trammell Hudson (CVE-2020-8705), Marius Gabriel Mihai (CVE-2020-12354, CVE-2020-12304), Oussama Sahnoun (CVE-2020-12297), Rotem Sela and Brian Mastenbrook (CVE-2020-12355) for reporting these issues.\n\nThe additional issues were found internally by Intel employees. 
Intel would like to thank Arie Haenel, Aviya Erenfeld, Binyamin Belaciano, Dmitry Piotrovsky, Julien Lenoir, Niv Israely, Ofek Mostovoy, Yakov Cohen and Yossef Kuszer.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "cvss3": {}, "published": "2022-05-12T00:00:00", "type": "intel", "title": "2020.2 IPU \u2013 Intel\u00ae CSME, SPS, TXE, and AMT\u00a0Advisory", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-12297", "CVE-2020-12303", "CVE-2020-12304", "CVE-2020-12354", "CVE-2020-12355", "CVE-2020-12356", "CVE-2020-27336", "CVE-2020-27337", "CVE-2020-27338", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8750", "CVE-2020-8751", "CVE-2020-8752", "CVE-2020-8753", "CVE-2020-8754", "CVE-2020-8755", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-8760", "CVE-2020-8761"], "modified": "2020-11-10T00:00:00", "id": "INTEL:INTEL-SA-00391", "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "lenovo": [{"lastseen": "2021-08-11T16:37:46", "description": "**Lenovo Security Advisory: **LEN-49266\n\n**Potential Impact: **Information disclosure, privilege escalation, denial of service\n\n**Severity: **High\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: **CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593, CVE-2020-1025, CVE-2020-1289, CVE-2020-1292, CVE-2020-2963, CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698, CVE-2020-8352, CVE-2020-8354\n\n**Summary Description:**\n\nWhen possible, Lenovo consolidates multiple BIOS security fixes and enhancements into as few updates as possible. 
The following list of vulnerabilities were reported by suppliers and researchers or were found during our regular internal testing. Not all products listed in the Product Impact section of this advisory were affected by every CVE summarized here.\n\nAMD reported a potential vulnerability that may impact AMD\u2019s TPM implementation of non-orderly shutdown-failedTries with the USE_DA_USED build flag. CVE-2020-12926 (AMD), CVE-2020-29633 (TCG)\n\nAMD reported a potential vulnerability in some AMD notebook or embedded processors that may allow privilege escalation. CVE-2020-12890\n\nAMI has released AMI Aptio V BIOS security enhancements. No CVEs available\n\nIntel reported potential security vulnerabilities in the BIOS firmware for some Intel\u00ae Processors that may allow escalation of privilege or denial of service. INTEL-SA-00358: CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593\n\nIntel reported potential security vulnerabilities in some Intel\u00ae Processors that may allow information disclosure. INTEL-SA-00381: CVE-2020-8696, CVE-2020-8698\n\nIntel reported potential security vulnerabilities in the Intel\u00ae Running Average Power Limit (RAPL) Interface that may allow information disclosure. INTEL-SA-00389: CVE-2020-8694, CVE-2020-8695\n\nA potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. CVE-2020-8354\n\nIn some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. CVE-2020-8352\n\nPhoenix has released security enhancements for Phoenix BIOS. 
No CVEs available\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nUpdate system firmware to the version (or newer) indicated for your model in the Product Impact section.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-04T15:47:25", "type": "lenovo", "title": "Multi-vendor BIOS Security Vulnerabilities (November 2020) - Lenovo Support NL", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8695", "CVE-2020-0587", "CVE-2020-0588", "CVE-2020-8696", "CVE-2020-0592", "CVE-2020-8698", "CVE-2020-1292", "CVE-2020-1025", "CVE-2020-0591", "CVE-2020-0593", "CVE-2020-1289", "CVE-2020-8694", "CVE-2020-2963", "CVE-2020-0590"], "modified": "2021-08-09T15:25:35", "id": "LENOVO:PS500368-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-NOVEMBER-2020-NOSID", "href": "https://support.lenovo.com/nl/nl/product_security/ps500368-multi-vendor-bios-security-vulnerabilities-november-2020", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hp": [{"lastseen": "2023-04-26T17:04:37", "description": "## Potential Security Impact\nEscalation of Privilege, Denial of 
Service, Information Disclosure \n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported by:** HP, Intel \n\n## VULNERABILITY SUMMARY\nIntel\u00ae has informed HP of potential security vulnerabilities identified in Intel\u00ae Processors, BIOS Firmware for some Intel\u00ae Processors, Intel\u00ae Running Average Power Limit (RAPL) Interface, and Intel BIOS platform sample code for some Intel\u00ae Processors which may allow escalation of privilege, denial of service, and/or information disclosure.\n\nHP has identified a potential vulnerability with certain versions of HP BIOS which may allow escalation of Firmware privilege.\n\n## RESOLUTION\nIntel and HP have released Firmware updates to mitigate the potential vulnerabilities. HP has identified the affected platforms and the corresponding SoftPaq updated versions. See the affected platforms listed below.\n\nNewer versions may become available and the minimum versions listed below may become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model. \n", "cvss3": {}, "published": "2020-11-09T00:00:00", "type": "hp", "title": "HPSBHF03705 rev. 
6 - BIOS November 2020 Security Updates", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-0587", "CVE-2020-0588", "CVE-2020-0590", "CVE-2020-0591", "CVE-2020-0592", "CVE-2020-0593", "CVE-2020-0599", "CVE-2020-6929", "CVE-2020-8694", "CVE-2020-8695", "CVE-2020-8696", "CVE-2020-8698", "CVE-2020-8738", "CVE-2020-8739", "CVE-2020-8740", "CVE-2020-8764"], "modified": "2021-04-27T00:00:00", "id": "HP:C06962236", "href": "https://support.hp.com/us-en/document/c06962236", "cvss": {"score": "8.8", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/"}}, {"lastseen": "2023-06-02T14:57:03", "description": "## Potential Security Impact\nEscalation of Privilege, Denial of Service, Information Disclosure\n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported By:** Intel \n\n## VULNERABILITY SUMMARY\nIntel has informed HP of potential security vulnerabilities identified in Intel\u00ae Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel\u00ae Trusted Execution Engine (TXE), Intel\u00ae Dynamic Application Loader (DAL), Intel\u00ae Active Management Technology (AMT), Intel\u00ae Standard Manageability (ISM) and Intel\u00ae Dynamic Application Loader (Intel\u00ae DAL) that may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. \n\nIntel is not releasing updates to mitigate a potential vulnerability and has issued a Product Discontinuation Notice for Intel\u00ae DAL SDK.\n\n## RESOLUTION\nIntel has released updates to mitigate the potential vulnerabilities. HP has identified the affected platforms and the corresponding SoftPaq updated versions. See the affected platforms listed below. Newer versions may become available and the minimum versions listed below may become obsolete. 
If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model. \n\nHP recommends keeping your system up to date with the latest firmware and software. \n\n> note:\n> \n> This bulletin may be updated when new information and/or SoftPaqs are available. Sign up for HP Subscriptions to be notified and receive: \n> \n> * Product support eAlerts\n> * Driver updates\n> * Security Bulletin updates\n\n**Pending:** SoftPaq is in progress. \n\n**Under investigation:** System under investigation for impact, or SoftPaq under investigation for feasibility/availability. \n\n**Not available:** SoftPaq not available due to technical or logistical constraints. \n\n**Check support page:** The listed SoftPaq has been removed from the download site. SoftPaqs with newer versions may be available on the HP Customer Support - Software and Driver Downloads site. \n", "cvss3": {}, "published": "2020-11-09T00:00:00", "type": "hp", "title": "HPSBHF03703 rev. 4 - Intel\u00ae 2020.2 IPU - CSME, SPS, TXE, AMT, and DAL Security Update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-12297", "CVE-2020-12303", "CVE-2020-12304", "CVE-2020-12354", "CVE-2020-12355", "CVE-2020-12356", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8750", "CVE-2020-8751", "CVE-2020-8752", "CVE-2020-8753", "CVE-2020-8754", "CVE-2020-8755", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-8760", "CVE-2020-8761"], "modified": "2021-06-02T00:00:00", "id": "HP:C06962103", "href": "https://support.hp.com/us-en/document/c06962103", "cvss": {"score": "8.2", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/"}}]}