cvelistv5 - cve-2018-3658

CVE-2018-3658 (GCVE-0-2018-3658)

Vulnerability from cvelistv5

Published

2018-09-12 19:00

Modified

2024-09-16 22:35

Severity ?

CWE

Denial of Service, Information Disclosure

Summary

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf	x_refsource_CONFIRM
	https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05	x_refsource_MISC
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/106996	vdb-entry, x_refsource_BID
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180924-0003/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Intel(R) Active Management Technology	Version: Versions before 12.0.5.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
          },
          {
            "name": "106996",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106996"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03876en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Active Management Technology",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Versions before 12.0.5."
            }
          ]
        }
      ],
      "datePublic": "2018-09-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service, Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-25T22:57:01.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
        },
        {
          "name": "106996",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106996"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03876en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-09-11T00:00:00",
          "ID": "CVE-2018-3658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Active Management Technology",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions before 12.0.5."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service, Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
            },
            {
              "name": "106996",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106996"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03876en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03876en_us"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180924-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3658",
    "datePublished": "2018-09-12T19:00:00.000Z",
    "dateReserved": "2017-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:35:54.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2018-AVI-432

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel Data Center manager versions antérieures à 5.1
Intel	N/A	Intel Centrino Wireless-N 135
Intel	N/A	Processeur de la famille Intel Core de 6ème génération avec un microgiciel (CSME) antérieure à 11.8.55
Intel	N/A	Intel NUC Kit NUC7i3DNHE
Intel	N/A	Intel Compute Card CD1P64GK
Intel	N/A	Processeur Intel Core X-Series avec un microgiciel (CSME) antérieure à 11.11.55
Intel	N/A	Intel IoT Developers Kit versions 4.0 et antérieures
Intel	N/A	Intel NUC Kit NUC8i7HNK
Intel	N/A	Intel Server Board S2600BP (Purley)
Intel	N/A	Intel Computing Improvement Program versions antérieures à 2.2.0.03942
Intel	N/A	Intel NUC Kit NUC7i7BNH
Intel	N/A	Intel NUC Kit NUC5PGYH
Intel	N/A	Intel Compute Stick STCK1A32WFC
Intel	N/A	Intel Centrino Wireless-N 1030
Intel	N/A	Processeur Intel Xeon Scalable avec un microgiciel (CSME) antérieure à 11.21.55
Intel	N/A	Intel Compute Card CD1M3128MK
Intel	N/A	Intel ME versions antérieures à 10.0.60
Intel	N/A	Intel NUC Kit NUC7i7DNKE
Intel	N/A	Intel ME versions antérieures à 9.1.45
Intel	N/A	Intel CSME versions antérieures à 11.11.55
Intel	N/A	Intel Server Platform Service microgiciel antérieures à SPS_SoC-X_04.00.04.077.0
Intel	N/A	Intel Centrino Wireless-N 130
Intel	N/A	Intel Server Board S2600WF
Intel	N/A	Processeur Intel Xeon W avec un microgiciel (CSME) antérieure à 11.11.55
Intel	N/A	Processeur Intel QuickAssist Adapter 8960/8970 Products avec un microgiciel antérieure à 4.x.05
Intel	N/A	Intel Compute Stick STK1AW32SC
Intel	N/A	Intel Server Board S2600TP (Grantley)
Intel	N/A	Processeur Intel Xeon E3-1200/1500 v5 avec un microgiciel (CSME) antérieure à 11.8.55
Intel	N/A	Intel Server Platform Service microgiciel antérieures à SPS_E5_04.00.04.381.0
Intel	N/A	Intel NUC Kit NUC5CPYH
Intel	N/A	Intel NUC Kit D54250WYB
Intel	N/A	Intel Trusted Execution Engine (TXE) versions antérieures à 4.0.5
Intel	N/A	Intel Distribution pour Python 2018 téléchargé avant le 6 août 2018
Intel	N/A	Intel CSME versions antérieures à 12.0.6
Intel	N/A	Intel NUC Kit NUC6i5SYH
Intel	N/A	Processeur Intel C620 Series Chipset Family (PCIe End Point Mode) avec un microgiciel antérieure à 4.00.04.381.0
Intel	N/A	Intel NUC Kit NUC6CAYS
Intel	N/A	Intel NUC Kit NUC7CJYH
Intel	N/A	Intel Centrino Advanced-N 6230
Intel	N/A	Intel NUC Kit NUC7i5DNKE
Intel	N/A	Intel NUC Kit NUC5i5MYHE
Intel	N/A	Intel NUC Kit NUC5i7RYH
Intel	N/A	Processeur de la famille Intel Core de 8ème génération avec un microgiciel (CSME) antérieure à 12.0.6
Intel	N/A	Intel Centrino Wireless-N 2230
Intel	N/A	Intel NUC Kit NUC5i3MYHE
Intel	N/A	Processeur Intel Xeon E3-1200/1500 v6 avec un microgiciel (CSME) antérieure à 11.8.55
Intel	N/A	Intel Server Platform Service microgiciel antérieures à SPS_SoC-A_04.00.04.177.0
Intel	N/A	Intel NUC Kit NUC6i7KYK
Intel	N/A	Intel NUC Kit D33217GKE
Intel	N/A	Processeur Intel Xeon D-2100 Family Platform avec un microgiciel antérieure à 4.00.04.077.0
Intel	N/A	Intel ME versions antérieures à 9.5.65
Intel	N/A	Intel NUC Kit DE3815TYBE
Intel	N/A	Intel CSME versions antérieures à 11.8.55
Intel	N/A	Intel Server Board S2600WT (Grantley)
Intel	N/A	Intel Server Board S2600ST
Intel	N/A	Intel Data Migration Software versions 3.1 et antérieures
Intel	N/A	Intel Compute Stick STK2mv64CC
Intel	N/A	Processeur Intel Xeon Scalable Family Platforms avec un microgiciel antérieure à 4.00.04.381.0
Intel	N/A	Intel NUC Kit D53427RKE
Intel	N/A	Intel Compute Card CD1IV128MK
Intel	N/A	Intel Trusted Execution Engine (TXE) versions antérieures à 3.1.55
Intel	N/A	Outil de détection pour la vulnérabilité Intel-SA-00086 en version antérieure à 1.2.7.0
Intel	N/A	Intel Centrino Advanced-N 6235
Intel	N/A	Intel Extreme Tuning Utility versions antérieures à 6.4.1.23.
Intel	N/A	Processeur de la famille Intel Core de 7ème génération avec un microgiciel (CSME) antérieure à 11.8.55
Intel	N/A	Intel CSME versions antérieures à 11.21.55
Intel	N/A	Processeur Intel Atom C3000 Series Platform avec un microgiciel antérieure à 4.00.04.177.0
Intel	N/A	Intel NUC Kit DN2820FYKH
Intel	N/A	Intel OpenVINO Toolkit pour Windows versions 2018.1.265 et antérieures
Intel	N/A	Intel Compute Stick STK2m3W64CC
Intel	N/A	Intel Driver & Support Assistant versions antérieures à 3.5.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Intel INTEL-SA-00119 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00125 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00162 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00181 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00149 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00148 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00141 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00173 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00177 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00165 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00170 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00172 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00142 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00176 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00143 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00131 du 11 septembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel Data Center manager versions ant\u00e9rieures \u00e0 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Centrino Wireless-N 135",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur de la famille Intel Core de 6\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC7i3DNHE",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Card CD1P64GK",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur Intel Core X-Series avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.11.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel IoT Developers Kit versions 4.0 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC8i7HNK",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Board S2600BP (Purley)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Computing Improvement Program versions ant\u00e9rieures \u00e0 2.2.0.03942",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC7i7BNH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC5PGYH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Stick STCK1A32WFC",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Centrino Wireless-N 1030",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur Intel Xeon Scalable avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.21.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Card CD1M3128MK",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel ME versions ant\u00e9rieures \u00e0 10.0.60",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC7i7DNKE",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel ME versions ant\u00e9rieures \u00e0 9.1.45",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME versions ant\u00e9rieures \u00e0 11.11.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_SoC-X_04.00.04.077.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Centrino Wireless-N 130",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Board S2600WF",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur Intel Xeon W avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.11.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur Intel QuickAssist Adapter 8960/8970 Products avec un microgiciel ant\u00e9rieure \u00e0 4.x.05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Stick STK1AW32SC",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Board S2600TP (Grantley)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur Intel Xeon E3-1200/1500 v5 avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_E5_04.00.04.381.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC5CPYH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit D54250WYB",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Trusted Execution Engine (TXE) versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Distribution pour Python 2018 t\u00e9l\u00e9charg\u00e9 avant le 6 ao\u00fbt 2018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME versions ant\u00e9rieures \u00e0 12.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC6i5SYH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur Intel C620 Series Chipset Family (PCIe End Point Mode) avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.381.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC6CAYS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC7CJYH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Centrino Advanced-N 6230",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC7i5DNKE",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC5i5MYHE",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC5i7RYH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur de la famille Intel Core de 8\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 12.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Centrino Wireless-N 2230",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC5i3MYHE",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur Intel Xeon E3-1200/1500 v6 avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_SoC-A_04.00.04.177.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC6i7KYK",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit D33217GKE",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur Intel Xeon D-2100 Family Platform avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.077.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel ME versions ant\u00e9rieures \u00e0 9.5.65",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit DE3815TYBE",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME versions ant\u00e9rieures \u00e0 11.8.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Board S2600WT (Grantley)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Board S2600ST",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Data Migration Software versions 3.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Stick STK2mv64CC",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur Intel Xeon Scalable Family Platforms avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.381.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit D53427RKE",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Card CD1IV128MK",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Trusted Execution Engine (TXE) versions ant\u00e9rieures \u00e0 3.1.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Outil de d\u00e9tection pour la vuln\u00e9rabilit\u00e9 Intel-SA-00086 en version ant\u00e9rieure \u00e0 1.2.7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Centrino Advanced-N 6235",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Extreme Tuning Utility versions ant\u00e9rieures \u00e0 6.4.1.23.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur de la famille Intel Core de 7\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME versions ant\u00e9rieures \u00e0 11.21.55",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeur Intel Atom C3000 Series Platform avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.177.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit DN2820FYKH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel OpenVINO Toolkit pour Windows versions 2018.1.265 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Stick STK2m3W64CC",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Driver \u0026 Support Assistant versions ant\u00e9rieures \u00e0 3.5.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12162"
    },
    {
      "name": "CVE-2018-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3655"
    },
    {
      "name": "CVE-2018-12160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12160"
    },
    {
      "name": "CVE-2018-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3657"
    },
    {
      "name": "CVE-2018-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3669"
    },
    {
      "name": "CVE-2018-12151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12151"
    },
    {
      "name": "CVE-2018-12148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12148"
    },
    {
      "name": "CVE-2018-12149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12149"
    },
    {
      "name": "CVE-2018-12176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12176"
    },
    {
      "name": "CVE-2018-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3659"
    },
    {
      "name": "CVE-2018-12171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12171"
    },
    {
      "name": "CVE-2018-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3658"
    },
    {
      "name": "CVE-2018-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3643"
    },
    {
      "name": "CVE-2018-12175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12175"
    },
    {
      "name": "CVE-2018-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3616"
    },
    {
      "name": "CVE-2017-15361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15361"
    },
    {
      "name": "CVE-2018-12150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12150"
    },
    {
      "name": "CVE-2018-12163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12163"
    },
    {
      "name": "CVE-2018-3686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3686"
    },
    {
      "name": "CVE-2018-3679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3679"
    }
  ],
  "initial_release_date": "2018-09-12T00:00:00",
  "last_revision_date": "2018-09-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-432",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00119 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00125 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00162 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00181 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00149 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00149.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00148 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00141 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00173 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00173.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00177 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00177.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00165 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00170 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00172 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00142 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00176 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00143 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00131 du 11 septembre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html"
    }
  ]
}

CERTFR-2019-AVI-052

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC FieldPG M5 versions antérieures à V22.01.06
Siemens	N/A	SIMATIC IPC547E versions antérieures à R1.30.0
Siemens	N/A	relais SIPROTEC 5, avec des processeurs CP300 ou CP100 et les modules de communication Ethernet listés sur le site du constructeur, versions antérieures à V7.82
Siemens	N/A	SIMATIC IPC827D versions antérieures à V19.02.11
Siemens	N/A	SIMATIC ITC1900 V3 PRO versions antérieures à V3.1
Siemens	N/A	SIMATIC ITP1000 versions antérieures à V23.01.04
Siemens	N/A	SIMATIC IPC847D versions antérieures à V19.01.14
Siemens	N/A	SICAM 230 versions antérieures à V7.20 avec WibuKey Digital Rights Management (DRM) versions antérieures à 6.5
Siemens	N/A	relais SIPROTEC 5, avec des processeurs CP200 et les modules de communication Ethernet listés sur le site du constructeur, versions antérieures à V7.58
Siemens	N/A	Firmware variant IEC 61850 pour module ethernet EN100 versions antérieures à V4.35
Siemens	N/A	SIMATIC ITC1500 V3 PRO versions antérieures à V3.1
Siemens	N/A	SIMATIC IPC547G versions antérieures à R1.23.0
Siemens	N/A	SIMATIC IPC477E versions antérieures à V21.01.09
Siemens	N/A	SIMATIC ITC2200 V3 PRO versions antérieures à V3.1
Siemens	N/A	SIMATIC IPC677D versions antérieures à V19.02.11
Siemens	N/A	SIMATIC ITC2200 V3 versions antérieures à V3.1
Siemens	N/A	SIMATIC IPC627D versions antérieures à V19.02.11
Siemens	N/A	SIMATIC IPC427E versions antérieures à V21.01.09
Siemens	N/A	SIMATIC IPC647D versions antérieures à V19.01.14
Siemens	N/A	SIMATIC ITC1500 V3 versions antérieures à V3.1
Siemens	N/A	SIMATIC ITC1900 V3 versions antérieures à V3.1

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-377318 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-505225 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-760124 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-104088 du 12 février 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC FieldPG M5 versions ant\u00e9rieures \u00e0 V22.01.06",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC547E versions ant\u00e9rieures \u00e0 R1.30.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "relais SIPROTEC 5, avec des processeurs CP300 ou CP100 et les modules de communication Ethernet list\u00e9s sur le site du constructeur, versions ant\u00e9rieures \u00e0 V7.82",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC827D versions ant\u00e9rieures \u00e0 V19.02.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITP1000 versions ant\u00e9rieures \u00e0 V23.01.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC847D versions ant\u00e9rieures \u00e0 V19.01.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM 230 versions ant\u00e9rieures \u00e0 V7.20 avec WibuKey Digital Rights Management (DRM) versions ant\u00e9rieures \u00e0 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "relais SIPROTEC 5, avec des processeurs CP200 et les modules de communication Ethernet list\u00e9s sur le site du constructeur, versions ant\u00e9rieures \u00e0 V7.58",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Firmware variant IEC 61850 pour module ethernet EN100 versions ant\u00e9rieures \u00e0 V4.35",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC547G versions ant\u00e9rieures \u00e0 R1.23.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E versions ant\u00e9rieures \u00e0 V21.01.09",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC677D versions ant\u00e9rieures \u00e0 V19.02.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC627D versions ant\u00e9rieures \u00e0 V19.02.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427E versions ant\u00e9rieures \u00e0 V21.01.09",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC647D versions ant\u00e9rieures \u00e0 V19.01.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16563"
    },
    {
      "name": "CVE-2018-3991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
    },
    {
      "name": "CVE-2018-3990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
    },
    {
      "name": "CVE-2018-3989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
    },
    {
      "name": "CVE-2018-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3657"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2017-5753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
    },
    {
      "name": "CVE-2018-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3658"
    },
    {
      "name": "CVE-2018-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3616"
    }
  ],
  "initial_release_date": "2019-02-12T00:00:00",
  "last_revision_date": "2019-02-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-052",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-377318 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-505225 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-760124 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-104088 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-3658 (GCVE-0-2018-3658)

Vulnerability from cvelistv5

CERTFR-2018-AVI-432

Vulnerability from certfr_avis

Solution

CERTFR-2019-AVI-052

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature