Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P
Vendors Products
Siemens
  • Simatic Itp1000
  • Simatic Ipc647e Firmware
  • Simatic Ipc527g
  • Simatic Ipc427e Firmware
  • Simatic Itp1000 Firmware
  • Simatic Ipc527g Firmware
  • Simatic Ipc547g
  • Simatic Field Pg M6 Firmware
  • Simatic Ipc427e
  • Simatic Ipc647e
  • Simatic Ipc847e Firmware
  • Simatic Field Pg M6
  • Simatic Ipc477e
  • Simatic Field Pg M5
  • Simatic Ipc677e Firmware
  • Simatic Ipc847e
  • Simatic Ipc547g Firmware
  • Simatic Ipc627e Firmware
  • Simatic Field Pg M5 Firmware
  • Simatic Ipc677e
  • Simatic Ipc627e
  • Simatic Ipc477e Pro
  • Simatic Ipc477e Pro Firmware
  • Simatic Ipc477e Firmware
Intel
  • Local Manageability Service

Configuration 1 [-]

cpe:2.3:a:intel:local_manageability_service:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:siemens:simatic_ipc527g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc527g:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:siemens:simatic_ipc547g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*
References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: intel

Published: 2021-06-09T18:47:41

Updated: 2021-08-10T11:06:35

Reserved: 2020-02-06T00:00:00

Link: CVE-2020-8704

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-06-09T19:15:09.263

Modified: 2022-04-22T16:20:40.843

Link: CVE-2020-8704

JSON object: View

cve-icon Redhat Information

No data.

CWE