ID

VAR-201809-1074


CVE

CVE-2018-3657


TITLE

Intel CSME Firmware buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012408

DESCRIPTION

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.

Intel CSME firmware contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Multiple Siemens products are prone to the following security vulnerabilities:
1. Multiple stack-based buffer-overflow vulnerabilities
2. A denial-of-service vulnerability
3. A side channel attack information disclosure vulnerability

Attackers can exploit these issues to execute arbitrary code within the context of an affected device, obtain sensitive information, or cause a denial-of-service condition.

The following Siemens products are affected:
- SIMATIC FieldPG M5: all versions prior to 22.01.06
- SIMATIC IPC427E: all versions prior to 21.01.09
- SIMATIC IPC477E: all versions prior to 21.01.09
- SIMATIC IPC547E: all versions prior to R1.30.0
- SIMATIC IPC547G: all versions prior to R1.23.0
- SIMATIC IPC627D: all versions prior to 19.02.11
- SIMATIC IPC647D: all versions prior to 19.01.14
- SIMATIC IPC677D: all versions prior to 19.02.11
- SIMATIC IPC827D: all versions prior to 19.02.11
- SIMATIC IPC847D: all versions prior to 19.01.14
- SIMATIC ITP1000: all versions prior to 23.01.04

Intel CSME is a converged security management engine developed by Intel Corporation. Intel AMT is one of the active management technology modules

Trust: 1.98

sources: NVD: CVE-2018-3657 // JVNDB: JVNDB-2018-012408 // BID: 106996 // VULHUB: VHN-133688

AFFECTED PRODUCTS

vendor: intel // model: converged security management engine // scope: lt // version: 12.0.5

Trust: 1.8

vendor: siemens // model: simatic field pg m5 // scope: lt // version: 22.01.06

Trust: 1.0

vendor: siemens // model: simatic itp1000 // scope: lt // version: 23.01.04

Trust: 1.0

vendor: siemens // model: simatic ipc547e // scope: lt // version: r1.30.0

Trust: 1.0

vendor: intel // model: active management technology // scope: lt // version: 12.0.5

Trust: 1.0

vendor: siemens // model: simatic pc547g // scope: lt // version: r1.23.0

Trust: 1.0

vendor: intel // model: manageability engine // scope: gte // version: 9.0.0.0

Trust: 1.0

vendor: intel // model: converged security management engine // scope: gte // version: 11.0.0

Trust: 1.0

vendor: siemens // model: simatic ipc627d // scope: lt // version: 19.02.11

Trust: 1.0

vendor: siemens // model: simatic ipc827d // scope: lt // version: 19.02.11

Trust: 1.0

vendor: intel // model: manageability engine // scope: lt // version: 11.0

Trust: 1.0

vendor: siemens // model: simatic ipc427e // scope: lt // version: 21.01.09

Trust: 1.0

vendor: siemens // model: simatic ipc477e // scope: lt // version: 21.01.09

Trust: 1.0

vendor: siemens // model: simatic ipc677d // scope: lt // version: 19.02.11

Trust: 1.0

vendor: siemens // model: simatic ipc847d // scope: lt // version: 19.01.14

Trust: 1.0

vendor: siemens // model: simatic ipc647d // scope: lt // version: 19.01.14

Trust: 1.0

vendor: intel // model: converged security management engine // scope: eq // version: -

Trust: 0.6

vendor: siemens // model: simatic itp1000 // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic ipc847d // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic ipc827d // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic ipc677d // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic ipc647d // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic ipc627d // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic ipc547g // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic ipc547e // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic ipc477e // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic ipc427e // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic fieldpg m5 // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: simatic ipc847d // scope: ne // version: v19.01.14

Trust: 0.3

vendor: siemens // model: simatic ipc827d // scope: ne // version: v19.02.11

Trust: 0.3

vendor: siemens // model: simatic ipc677d // scope: ne // version: v19.01.11

Trust: 0.3

vendor: siemens // model: simatic ipc647d // scope: ne // version: v19.01.14

Trust: 0.3

vendor: siemens // model: simatic ipc627d // scope: ne // version: v19.02.11

Trust: 0.3

vendor: siemens // model: simatic ipc547g r1.23.0 // scope: ne // version: -

Trust: 0.3

vendor: siemens // model: simatic ipc547e r1.30.0 // scope: ne // version: -

Trust: 0.3

vendor: siemens // model: simatic ipc477e // scope: ne // version: v21.01.09

Trust: 0.3

vendor: siemens // model: simatic ipc427e // scope: ne // version: v21.01.09

Trust: 0.3

vendor: siemens // model: simatic fieldpg m5 // scope: ne // version: v22.01.06

Trust: 0.3

sources: BID: 106996 // JVNDB: JVNDB-2018-012408 // CNNVD: CNNVD-201809-605 // NVD: CVE-2018-3657

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3657
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3657
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-605
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133688
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-3657
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133688
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3657
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-3657
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-133688 // JVNDB: JVNDB-2018-012408 // CNNVD: CNNVD-201809-605 // NVD: CVE-2018-3657

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-133688 // JVNDB: JVNDB-2018-012408 // NVD: CVE-2018-3657

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-605

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201809-605

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012408

PATCH

title: INTEL-SA-00141 // url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html

Trust: 0.8

title: Intel CSME AMT Buffer error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84864

Trust: 0.6

sources: JVNDB: JVNDB-2018-012408 // CNNVD: CNNVD-201809-605

EXTERNAL IDS

db: NVD // id: CVE-2018-3657

Trust: 2.8

db: ICS CERT // id: ICSA-19-043-05

Trust: 2.8

db: BID // id: 106996

Trust: 2.0

db: SIEMENS // id: SSA-377318

Trust: 1.7

db: JVNDB // id: JVNDB-2018-012408

Trust: 0.8

db: CNNVD // id: CNNVD-201809-605

Trust: 0.7

db: AUSCERT // id: ESB-2019.0444

Trust: 0.6

db: VULHUB // id: VHN-133688

Trust: 0.1

sources: VULHUB: VHN-133688 // BID: 106996 // JVNDB: JVNDB-2018-012408 // CNNVD: CNNVD-201809-605 // NVD: CVE-2018-3657

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-043-05

Trust: 3.4

url:http://www.securityfocus.com/bid/106996

Trust: 2.9

url:https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20180924-0003/

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html

Trust: 1.7

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03876en_us

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3657

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-3657

Trust: 0.8

url:https://www.auscert.org.au/bulletins/75474

Trust: 0.6

url:http://subscriber.communications.siemens.com/

Trust: 0.3

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03876en_us

Trust: 0.1

sources: VULHUB: VHN-133688 // BID: 106996 // JVNDB: JVNDB-2018-012408 // CNNVD: CNNVD-201809-605 // NVD: CVE-2018-3657

CREDITS

The vendor reported this issue. Siemens reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201809-605

SOURCES

db: VULHUB // id: VHN-133688
db: BID // id: 106996
db: JVNDB // id: JVNDB-2018-012408
db: CNNVD // id: CNNVD-201809-605
db: NVD // id: CVE-2018-3657

LAST UPDATE DATE

2024-08-14T14:04:48.152000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-133688 // date: 2019-02-28T00:00:00
db: BID // id: 106996 // date: 2019-02-12T00:00:00
db: JVNDB // id: JVNDB-2018-012408 // date: 2019-02-13T00:00:00
db: CNNVD // id: CNNVD-201809-605 // date: 2021-05-27T00:00:00
db: NVD // id: CVE-2018-3657 // date: 2023-08-17T17:43:03.567

SOURCES RELEASE DATE

db: VULHUB // id: VHN-133688 // date: 2018-09-12T00:00:00
db: BID // id: 106996 // date: 2019-02-12T00:00:00
db: JVNDB // id: JVNDB-2018-012408 // date: 2019-02-04T00:00:00
db: CNNVD // id: CNNVD-201809-605 // date: 2018-09-13T00:00:00
db: NVD // id: CVE-2018-3657 // date: 2018-09-12T19:29:02.840