Siemens Simatic Ipc477E Firmware vulnerabilities

CVE-2020-8698 [MEDIUM] CWE-668 CVE-2020-8698: Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user t Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2020-8745 [MEDIUM] CVE-2020-8745: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.8 Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVE-2020-0543 [MEDIUM] CWE-459 CVE-2020-0543: Incomplete cleanup from specific special register read operations in some Intel(R) Processors may al Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2018-3658 [MEDIUM] CWE-772 CVE-2018-3658: Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauth Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.

CVE-2018-3616 [MEDIUM] CVE-2018-3616: Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Tec Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.

CVE-2018-3657 [MEDIUM] CWE-119 CVE-2018-3657: Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may all Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.

CVE-2018-3639 [MEDIUM] CWE-203 CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory rea Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

CVE-2017-5711 [HIGH] CWE-119 CVE-2017-5711: Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmwa Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

CVE-2017-5712 [HIGH] CWE-119 CVE-2017-5712: Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

CVE-2017-5689 [CRITICAL] CWE-269 CVE-2017-5689: An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKU An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active