HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-8744

CVSS 7.8v3.1pub. 2020-11-12upd. 2024-11-21

Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Intel Converged Security And Management Engine

    APP
    Intel
    < 12.0.7013.0.0 – 13.0.40 (bez)13.30.0 – 13.30.10 (bez)14.0.0 – 14.0.45 (bez)14.5.0 – 14.5.25 (bez)
  • Intel Server Platform Services

    APP
    Intel
    < e3_05.01.04.200
  • Intel Trusted Execution Engine

    OS
    Intel
    < 4.0.30
  • Siemens Simatic S7 1500

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1500 Firmware

    OS
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1518 4 Pn\/dp Mfp

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1518 4 Pn\/dp Mfp Firmware

    OS
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1518f 4 Pn\/dp Mfp

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1518f 4 Pn\/dp Mfp Firmware

    OS
    Siemens
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2014-0160HIGH7.5⚠ KEVten sam produkt

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Exten...

CVE-2022-36348HIGH8.8ten sam produkt

Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticat...

CVE-2020-8750HIGH7.8ten sam produkt

Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authentic...

CVE-2020-0586HIGH7.8ten sam produkt

Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.0...

CVE-2019-19300HIGH7.5ten sam produkt

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/...