Vulnerabilities > Siemens > Simatic Ipc427E Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2020-24507 Improper Initialization vulnerability in multiple products
Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.
local
low complexity
intel siemens CWE-665
4.4
2021-06-09 CVE-2020-8670 Race Condition vulnerability in multiple products
Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
local
high complexity
intel siemens netapp CWE-362
6.4
2021-06-09 CVE-2020-8703 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp siemens CWE-119
6.7
2021-06-09 CVE-2020-8704 Race Condition vulnerability in multiple products
Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.
local
high complexity
intel siemens CWE-362
6.4
2020-11-12 CVE-2020-8745 Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
low complexity
intel siemens
6.8
2020-11-12 CVE-2020-8698 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2020-06-15 CVE-2020-0543 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2018-09-12 CVE-2018-3658 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.
network
low complexity
siemens intel CWE-772
5.3
2018-09-12 CVE-2018-3657 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
local
low complexity
siemens intel CWE-119
6.7
2018-09-12 CVE-2018-3616 Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
network
high complexity
intel siemens
5.9