Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Intel
  • Local Manageability Service
Siemens
  • Simatic Field Pg M5
  • Simatic Field Pg M5 Firmware
  • Simatic Field Pg M6
  • Simatic Field Pg M6 Firmware
  • Simatic Ipc427e
  • Simatic Ipc427e Firmware
  • Simatic Ipc477e
  • Simatic Ipc477e Firmware
  • Simatic Ipc477e Pro
  • Simatic Ipc477e Pro Firmware
  • Simatic Ipc527g
  • Simatic Ipc527g Firmware
  • Simatic Ipc547g
  • Simatic Ipc547g Firmware
  • Simatic Ipc627e
  • Simatic Ipc627e Firmware
  • Simatic Ipc647e
  • Simatic Ipc647e Firmware
  • Simatic Ipc677e
  • Simatic Ipc677e Firmware
  • Simatic Ipc847e
  • Simatic Ipc847e Firmware
  • Simatic Itp1000
  • Simatic Itp1000 Firmware

Configuration 1 [-]

cpe:2.3:a:intel:local_manageability_service:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:siemens:simatic_ipc527g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc527g:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:siemens:simatic_ipc547g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf cve-icon cve-icon
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: intel

Published:

Updated: 2024-08-04T10:03:46.322Z

Reserved: 2020-02-06T00:00:00

Link: CVE-2020-8704

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-09T19:15:09.263

Modified: 2024-11-21T05:39:17.800

Link: CVE-2020-8704

cve-icon Redhat

No data.