Details of VAR-201809-1075

ID

VAR-201809-1075

CVE

CVE-2018-3658

TITLE

Intel CSME Firmware resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013145

DESCRIPTION

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. Intel CSME The firmware contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens Products are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. A denial-of-service vulnerability 3. A side channel attack information disclosure vulnerability Attackers can exploit these issues to execute arbitrary code within the context of an affected device or obtain sensitive information or cause a denial-of-service condition. The following Siemens products are affected: SIMATIC FieldPG M5 All versions prior to 22.01.06, SIMATIC IPC427E All versions prior to 21.01.09, SIMATIC IPC477E All versions prior to 21.01.09, SIMATIC IPC547E All versions prior to R1.30.0, SIMATIC IPC547G All versions prior to R1.23.0, SIMATIC IPC627D All versions prior to 19.02.11, SIMATIC IPC647D All versions prior to 19.01.14, SIMATIC IPC677D All versions prior to 19.02.11, SIMATIC IPC827D All versions prior to 19.02.11, SIMATIC IPC847D All versions prior to 19.01.14, and SIMATIC ITP1000 All versions prior to 23.01.04. Intel CSME is a converged security management engine developed by Intel Corporation. Intel AMT is one of the active management technology modules. An attacker could cause a denial of service (memory leak) by exploiting this vulnerability

Trust: 1.98

sources: NVD: CVE-2018-3658 // JVNDB: JVNDB-2018-013145 // BID: 106996 // VULHUB: VHN-133689

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic field pg m5	scope:	lt	version:	22.01.06	Trust: 1.0
vendor:	siemens	model:	simatic itp1000	scope:	lt	version:	23.01.04	Trust: 1.0
vendor:	siemens	model:	simatic ipc547e	scope:	lt	version:	r1.30.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	12.0.5	Trust: 1.0
vendor:	siemens	model:	simatic pc547g	scope:	lt	version:	r1.23.0	Trust: 1.0
vendor:	intel	model:	manageability engine	scope:	gte	version:	9.0.0.0	Trust: 1.0
vendor:	intel	model:	converged security management engine	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	siemens	model:	simatic ipc627d	scope:	lt	version:	19.02.11	Trust: 1.0
vendor:	siemens	model:	simatic ipc827d	scope:	lt	version:	19.02.11	Trust: 1.0
vendor:	intel	model:	manageability engine	scope:	lt	version:	11.0	Trust: 1.0
vendor:	intel	model:	converged security management engine	scope:	lt	version:	12.0.5	Trust: 1.0
vendor:	siemens	model:	simatic ipc427e	scope:	lt	version:	21.01.09	Trust: 1.0
vendor:	siemens	model:	simatic ipc477e	scope:	lt	version:	21.01.09	Trust: 1.0
vendor:	siemens	model:	simatic ipc677d	scope:	lt	version:	19.02.11	Trust: 1.0
vendor:	siemens	model:	simatic ipc847d	scope:	lt	version:	19.01.14	Trust: 1.0
vendor:	siemens	model:	simatic ipc647d	scope:	lt	version:	19.01.14	Trust: 1.0
vendor:	intel	model:	csme	scope:	lt	version:	12.0.5	Trust: 0.8
vendor:	intel	model:	converged security management engine	scope:	eq	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic itp1000	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic ipc847d	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic ipc827d	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic ipc677d	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic ipc647d	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic ipc627d	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic ipc547g	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic ipc547e	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic ipc477e	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic ipc427e	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic fieldpg m5	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic ipc847d	scope:	ne	version:	v19.01.14	Trust: 0.3
vendor:	siemens	model:	simatic ipc827d	scope:	ne	version:	v19.02.11	Trust: 0.3
vendor:	siemens	model:	simatic ipc677d	scope:	ne	version:	v19.01.11	Trust: 0.3
vendor:	siemens	model:	simatic ipc647d	scope:	ne	version:	v19.01.14	Trust: 0.3
vendor:	siemens	model:	simatic ipc627d	scope:	ne	version:	v19.02.11	Trust: 0.3
vendor:	siemens	model:	simatic ipc547g r1.23.0	scope:	ne	version:	-	Trust: 0.3
vendor:	siemens	model:	simatic ipc547e r1.30.0	scope:	ne	version:	-	Trust: 0.3
vendor:	siemens	model:	simatic ipc477e	scope:	ne	version:	v21.01.09	Trust: 0.3
vendor:	siemens	model:	simatic ipc427e	scope:	ne	version:	v21.01.09	Trust: 0.3
vendor:	siemens	model:	simatic fieldpg m5	scope:	ne	version:	v22.01.06	Trust: 0.3

sources: BID: 106996 // JVNDB: JVNDB-2018-013145 // CNNVD: CNNVD-201809-604 // NVD: CVE-2018-3658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-3658
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-3658
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201809-604
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-133689
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-3658
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-133689
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-3658
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-3658
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-133689 // JVNDB: JVNDB-2018-013145 // CNNVD: CNNVD-201809-604 // NVD: CVE-2018-3658

PROBLEMTYPE DATA

problemtype:	CWE-772	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-133689 // JVNDB: JVNDB-2018-013145 // NVD: CVE-2018-3658

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-604

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201809-604

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013145

PATCH

title:	INTEL-SA-00141	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html	Trust: 0.8
title:	Intel CSME Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84863	Trust: 0.6

sources: JVNDB: JVNDB-2018-013145 // CNNVD: CNNVD-201809-604

EXTERNAL IDS

db:	NVD	id:	CVE-2018-3658	Trust: 2.8
db:	ICS CERT	id:	ICSA-19-043-05	Trust: 2.8
db:	BID	id:	106996	Trust: 2.0
db:	SIEMENS	id:	SSA-377318	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-013145	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-604	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0444	Trust: 0.6
db:	VULHUB	id:	VHN-133689	Trust: 0.1

sources: VULHUB: VHN-133689 // BID: 106996 // JVNDB: JVNDB-2018-013145 // CNNVD: CNNVD-201809-604 // NVD: CVE-2018-3658

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-043-05	Trust: 3.4
url:	http://www.securityfocus.com/bid/106996	Trust: 2.9
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20180924-0003/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03876en_us	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3658	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3658	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/75474	Trust: 0.6
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03876en_us	Trust: 0.1

sources: VULHUB: VHN-133689 // BID: 106996 // JVNDB: JVNDB-2018-013145 // CNNVD: CNNVD-201809-604 // NVD: CVE-2018-3658

CREDITS

The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201809-604

SOURCES

db:	VULHUB	id:	VHN-133689
db:	BID	id:	106996
db:	JVNDB	id:	JVNDB-2018-013145
db:	CNNVD	id:	CNNVD-201809-604
db:	NVD	id:	CVE-2018-3658

LAST UPDATE DATE

2024-08-14T14:04:48.118000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-133689	date:	2019-10-03T00:00:00
db:	BID	id:	106996	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-013145	date:	2019-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201809-604	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-3658	date:	2023-08-17T17:43:39.500

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-133689	date:	2018-09-12T00:00:00
db:	BID	id:	106996	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-013145	date:	2019-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201809-604	date:	2018-09-13T00:00:00
db:	NVD	id:	CVE-2018-3658	date:	2018-09-12T19:29:02.967