cvelistv5 - cve-2020-0545

CVE-2020-0545 (GCVE-0-2020-0545)

Vulnerability from cvelistv5

Published

2020-06-15 14:00

Modified

2024-08-04 06:02

Severity ?

CWE

Denial of Service

Summary

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.

References

URL

Tags

	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20200611-0006/	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	x_refsource_MISC
	https://kc.mcafee.com/corporate/index?page=content&id=SB10321	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf	x_refsource_CONFIRM
	https://support.lenovo.com/de/en/product_security/len-30041	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) CSME, Intel(R) TXE, and Intel(R) SPS	Version: See provided reference

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:02:52.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200611-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/de/en/product_security/len-30041"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) CSME, Intel(R) TXE, and Intel(R) SPS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See provided reference"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-22T13:46:14.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200611-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/de/en/product_security/len-30041"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-0545",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) CSME, Intel(R) TXE, and Intel(R) SPS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See provided reference"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200611-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200611-0006/"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10321",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10321"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf"
            },
            {
              "name": "https://support.lenovo.com/de/en/product_security/len-30041",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/de/en/product_security/len-30041"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2020-0545",
    "datePublished": "2020-06-15T14:00:40.000Z",
    "dateReserved": "2019-10-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T06:02:52.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2020-AVI-439

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	LOGO! 8 BM (incl. variantes SIPLUS) versions antérieures à V1.82.04
Siemens	N/A	SIMATIC S7-300 CPU (incl. variantes ET200CPUs et SIPLUS) versions antérieures à V3.X.17
Siemens	N/A	SIMATIC TDC CP51M1 versions antérieures à V1.1.8
Siemens	N/A	SICAM T versions antérieures à V2.18
Siemens	N/A	Opcenter Execution Process versions antérieures à v3.2
Siemens	N/A	SICAM MMU versions antérieures à V2.05
Siemens	N/A	Camstar Enterprise Platform : une migration vers Opcenter Execution Core 8.2 est requise
Siemens	N/A	SIMATIC IT LMS, Production Suite, Notifier Server for Windows, PCS neo
Siemens	N/A	SICAM SGU
Siemens	N/A	LOGO! 8 BM (incl. variantes SIPLUS) versions antérieures à V1.82.03
Siemens	N/A	Opcenter RD&L versions antérieures à 8.1
Siemens	N/A	SIMATIC WinCC Runtime Advanced
Siemens	N/A	SPPA-T3000 APC UPS avec carte NMC AP9630 ou AP9631
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) v16 versions antérieures à V16 update 2
Siemens	N/A	SPPA-T3000 Application Server et Terminal Server
Siemens	N/A	SIMATIC TDC CPU555 versions antérieures à V1.1.1
Siemens	N/A	Opcenter Execution Discrete versions antérieures à v3.2
Siemens	N/A	Opcenter Execution Core versions antérieures à v8.2
Siemens	N/A	SIMATIC S7-200 SMART CPU versions antérieures à V2.5.1
Siemens	N/A	Opcenter Quality versions antérieures à 11.3
Siemens	N/A	Opcenter Intelligence
Siemens	N/A	LOGO! 8 BM (incl. variantes SIPLUS) versions antérieures à V1.81.04
Siemens	N/A	SIMATIC HMI Basic Panels première et seconde génération, Comfort Panels, Mobile Panels de seconde génération (incl. variantes SIPLUS)
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) v15
Siemens	N/A	SINUMERIK 840D sl versions antérieures à V4.8.6
Siemens	N/A	SIMATIC HMI KTP700F Mobile Arctic
Siemens	N/A	Opcenter Execution Foundation versions antérieures à v3.2
Siemens	N/A	SIMOCODE ES et Soft Starter ES
Siemens	N/A	SINUMERIK 840D sl versions antérieures à V4.94

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-589181 du 14 juillet 2020	None	vendor-advisory
Bulletin de sécurité Siemens SSA-631949 du 14 juillet 2020	None	vendor-advisory
Bulletin de sécurité Siemens SSA-573753 du 14 juillet 2020	None	vendor-advisory
Bulletin de sécurité Siemens SSA-604937 du 14 juillet 2020	None	vendor-advisory
Bulletin de sécurité Siemens SSA-508982 du 10 mars 2020, mis à jour le 14 juillet 2020	None	vendor-advisory
Bulletin de sécurité Siemens SSA-841348 du 14 juillet 2020	None	vendor-advisory
Bulletin de sécurité Siemens SSA-364335 du 14 juillet 2020	None	vendor-advisory
Bulletin de sécurité Siemens SSA-305120 du 14 juillet 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "LOGO! 8 BM (incl. variantes SIPLUS) versions ant\u00e9rieures \u00e0 V1.82.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU (incl. variantes ET200CPUs et SIPLUS) versions ant\u00e9rieures \u00e0 V3.X.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC TDC CP51M1 versions ant\u00e9rieures \u00e0 V1.1.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM T versions ant\u00e9rieures \u00e0 V2.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Opcenter Execution Process versions ant\u00e9rieures \u00e0 v3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM MMU versions ant\u00e9rieures \u00e0 V2.05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Camstar Enterprise Platform : une migration vers Opcenter Execution Core 8.2 est requise",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IT LMS, Production Suite, Notifier Server for Windows, PCS neo",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM SGU",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO! 8 BM (incl. variantes SIPLUS) versions ant\u00e9rieures \u00e0 V1.82.03",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Opcenter RD\u0026L versions ant\u00e9rieures \u00e0 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SPPA-T3000 APC UPS avec carte NMC AP9630 ou AP9631",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) v16 versions ant\u00e9rieures \u00e0 V16 update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SPPA-T3000 Application Server et Terminal Server",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC TDC CPU555 versions ant\u00e9rieures \u00e0 V1.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Opcenter Execution Discrete versions ant\u00e9rieures \u00e0 v3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Opcenter Execution Core versions ant\u00e9rieures \u00e0 v8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-200 SMART CPU versions ant\u00e9rieures \u00e0 V2.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Opcenter Quality versions ant\u00e9rieures \u00e0 11.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Opcenter Intelligence",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO! 8 BM (incl. variantes SIPLUS) versions ant\u00e9rieures \u00e0 V1.81.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Basic Panels premi\u00e8re et seconde g\u00e9n\u00e9ration, Comfort Panels, Mobile Panels de seconde g\u00e9n\u00e9ration (incl. variantes SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) v15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK 840D sl versions ant\u00e9rieures \u00e0 V4.8.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI KTP700F Mobile Arctic",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Opcenter Execution Foundation versions ant\u00e9rieures \u00e0 v3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOCODE ES et Soft Starter ES",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK 840D sl versions ant\u00e9rieures \u00e0 V4.94",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7584"
    },
    {
      "name": "CVE-2020-7577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7577"
    },
    {
      "name": "CVE-2020-7587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7587"
    },
    {
      "name": "CVE-2020-7576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7576"
    },
    {
      "name": "CVE-2019-18336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18336"
    },
    {
      "name": "CVE-2020-10042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10042"
    },
    {
      "name": "CVE-2020-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7592"
    },
    {
      "name": "CVE-2020-10043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10043"
    },
    {
      "name": "CVE-2020-10045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10045"
    },
    {
      "name": "CVE-2020-7578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7578"
    },
    {
      "name": "CVE-2020-7588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7588"
    },
    {
      "name": "CVE-2020-10044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10044"
    },
    {
      "name": "CVE-2020-10041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10041"
    },
    {
      "name": "CVE-2020-7581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7581"
    },
    {
      "name": "CVE-2020-10039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10039"
    },
    {
      "name": "CVE-2020-10038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10038"
    },
    {
      "name": "CVE-2020-10040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10040"
    },
    {
      "name": "CVE-2020-11896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11896"
    },
    {
      "name": "CVE-2020-7593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7593"
    },
    {
      "name": "CVE-2020-10037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10037"
    },
    {
      "name": "CVE-2020-0545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0545"
    }
  ],
  "initial_release_date": "2020-07-15T00:00:00",
  "last_revision_date": "2020-07-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-439",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-589181 du 14 juillet 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589181.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-631949 du 14 juillet 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-573753 du 14 juillet 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-573753.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-604937 du 14 juillet 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-508982 du 10 mars 2020, mis \u00e0 jour le 14 juillet 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-841348 du 14 juillet 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-364335 du 14 juillet 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-305120 du 14 juillet 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-305120.pdf"
    }
  ]
}

CERTFR-2020-AVI-353

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Intel . Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions antérieures à 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12
Intel	N/A	certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model
Intel	N/A	Intel SSD DC séries P4511 (m.2) versions antérieures à VDV10170
Intel	N/A	les processeurs Intel Core de génération 7, 8, 9 et 10 sans la dernière mise à jour du BIOS
Intel	N/A	Intel SSD DC séries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions antérieures à VDV10170
Intel	N/A	Intel SSD D3-S4510 séries M.2 FF versions antérieures à XC311120
Intel	N/A	Intel Innovation Engine Build and Signing Tool versions antérieures à 1.0.859

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00366 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00295 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00322 du 09 juin 2020	None	vendor-advisory
Liste de processeurs Intel vulnérables du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00320 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00266 du 09 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions ant\u00e9rieures \u00e0 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4511 (m.2) versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "les processeurs Intel Core de g\u00e9n\u00e9ration 7, 8, 9 et 10 sans la derni\u00e8re mise \u00e0 jour du BIOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD D3-S4510 s\u00e9ries M.2 FF versions ant\u00e9rieures \u00e0 XC311120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Innovation Engine Build and Signing Tool versions ant\u00e9rieures \u00e0 1.0.859",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0529"
    },
    {
      "name": "CVE-2020-0531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0531"
    },
    {
      "name": "CVE-2020-0532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0532"
    },
    {
      "name": "CVE-2020-0528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0528"
    },
    {
      "name": "CVE-2020-0538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0538"
    },
    {
      "name": "CVE-2020-8674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8674"
    },
    {
      "name": "CVE-2020-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8675"
    },
    {
      "name": "CVE-2020-0594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0594"
    },
    {
      "name": "CVE-2020-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0586"
    },
    {
      "name": "CVE-2020-0541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0541"
    },
    {
      "name": "CVE-2020-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0536"
    },
    {
      "name": "CVE-2020-0595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0595"
    },
    {
      "name": "CVE-2020-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0535"
    },
    {
      "name": "CVE-2020-0566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0566"
    },
    {
      "name": "CVE-2020-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0540"
    },
    {
      "name": "CVE-2020-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0597"
    },
    {
      "name": "CVE-2020-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0533"
    },
    {
      "name": "CVE-2020-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0539"
    },
    {
      "name": "CVE-2020-0542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0542"
    },
    {
      "name": "CVE-2020-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0537"
    },
    {
      "name": "CVE-2020-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
    },
    {
      "name": "CVE-2020-0527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0527"
    },
    {
      "name": "CVE-2020-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0596"
    },
    {
      "name": "CVE-2020-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0534"
    },
    {
      "name": "CVE-2020-0545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0545"
    }
  ],
  "initial_release_date": "2020-06-10T00:00:00",
  "last_revision_date": "2020-06-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-353",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel\n. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00366 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00295 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00322 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html"
    },
    {
      "published_at": null,
      "title": "Liste de processeurs Intel vuln\u00e9rables du 09 juin 2020",
      "url": "https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00320 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00266 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-0545 (GCVE-0-2020-0545)

Vulnerability from cvelistv5

CERTFR-2020-AVI-439

Vulnerability from certfr_avis

Solution

CERTFR-2020-AVI-353

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature