CVE-2020-8698Resource Exposure in Siemens Simatic Field PG M5 Firmware

CWE-668Resource ExposureCWE-212Improper Removal of Sensitive Information Before Storage or Transfer9 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 49.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Siemens Simatic Field PG M5 FirmwareSiemens Simatic Ipc427e FirmwareSiemens Simatic Ipc477e Firmware+8 more
Timeline
PublishedNov 12
Latest updateMay 24

Description

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

Also affects: Debian Linux 9.0, Fedora 31

🔴Vulnerability Details

3
GHSA
GHSA-9636-925v-53qr: Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via lo2022-05-24
OSV
CVE-2020-8698: Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via lo2020-11-12
CVEList
CVE-2020-8698: Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via lo2020-11-12

📋Vendor Advisories

4
Ubuntu
Intel Microcode vulnerabilities2021-05-17
Ubuntu
Intel Microcode vulnerabilities2020-11-11
Red Hat
hw: Fast forward store predictor2020-11-10
Debian
CVE-2020-8698: intel-microcode - Improper isolation of shared resources in some Intel(R) Processors may allow an ...2020

💬Community

1
Bugzilla
CVE-2020-8698 hw: Fast forward store predictor2020-10-22
CVE-2020-8698 — Resource Exposure in Siemens | cvebase