![]() ![]() Improper buffer restrictions in a subsystem in the Intel CSME versions prior to 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, and 15.0.22 may allow a privileged user to enable escalation of privilege via local access.ĬVE-2020-8703 has been assigned to this vulnerability. 4.2.2 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 A CVSS v3 base score of 7.5 has been calculated the CVSS vector string is ( AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). End Update G Part 1 of 2 - 4.2 VULNERABILITY OVERVIEW 4.2.1 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311Ī race condition in the firmware for some Intel processors may allow a privileged user to enable escalation of privilege via local access.ĬVE-2020-8670 has been assigned to this vulnerability. SINUMERIK ONE PPU 1740: All versions prior to v06.00.00.00.SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions prior to v08.00.00.00.SINUMERIK MC MCU 1720: All versions prior to v05.00.00.00.SINUMERIK 828D HW PPU.4: All versions prior to v08.00.00.00.SIMATIC IPC3000 SMART V3: All versions prior to v01.04.00.SIMATIC IPC347G: All versions prior to v01.04.00.SIMATIC IPC477E Pro: All versions prior to v21.01.16.SIMATIC IPC477E: All versions prior to v21.01.16.SIMATIC IPC427E: All versions prior to v21.01.16.SIPLUS variants): All versions prior to v0209_0105 SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.SIMATIC IPC127E: All versions prior to v21.01.07.SINUMERIK ONE NCU 1740: All versions prior to v05.00.00.00.SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions.SIMATIC IPC847E: All BIOS versions prior to v25.02.10.SIMATIC Drive Controller Family: All versions.The following Siemens products are affected: Successful exploitation of these vulnerabilities could lead to unauthorized access to sensitive data, privilege escalation, and configuration change. This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial Products Intel CPU (Update F) that was published September 13, 2022, to the ICS webpage on 3. Vulnerabilities: Missing Encryption of Sensitive Data. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |