CVE-2020-8704

Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS v3 6.4 MEDIUM
CVSS v2.0 4.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:intel:local_manageability_service:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc527g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc527g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc547g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-09 19:15

Updated : 2024-02-28 18:28

NVD link : CVE-2020-8704

Mitre link : CVE-2020-8704

CVE.ORG link : CVE-2020-8704

JSON object : View

Products Affected

siemens

simatic_ipc477e_pro
simatic_ipc627e
simatic_ipc647e_firmware
simatic_ipc477e_pro_firmware
simatic_ipc847e
simatic_ipc527g_firmware
simatic_ipc527g
simatic_field_pg_m5_firmware
simatic_ipc677e_firmware
simatic_ipc427e
simatic_field_pg_m5
simatic_itp1000
simatic_ipc477e
simatic_itp1000_firmware
simatic_field_pg_m6_firmware
simatic_field_pg_m6
simatic_ipc677e
simatic_ipc647e
simatic_ipc427e_firmware
simatic_ipc477e_firmware
simatic_ipc627e_firmware
simatic_ipc847e_firmware
simatic_ipc547g
simatic_ipc547g_firmware

intel

local_manageability_service

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

6.4 /10