CVE-2018-3616

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/106996	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf	Patch Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05	Third Party Advisory US Government Resource
https://security.netapp.com/advisory/ntap-20180924-0003/	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:intel:converged_security_management_engine_firmware::::::::
	cpe:2.3:o:intel:active_management_technology_firmware::::::::
	cpe:2.3:o:intel:manageability_engine_firmware::::::::

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc547e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pc547e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:simatic_pc547g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc627d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc627d:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc647d:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc677d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc677d:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc827d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc827d:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc847d:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*

History

17 Aug 2023, 17:43

Type	Values Removed	Values Added
CPE		cpe:2.3:o:intel:active_management_technology_firmware:::::::: cpe:2.3:o:intel:manageability_engine_firmware::::::::

26 May 2021, 16:11

Type	Values Removed	Values Added
References	~~(MISC) https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05 - US Government Resource, Third Party Advisory~~	(MISC) https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05 - Third Party Advisory, US Government Resource
CPE	cpe:2.3:o:siemens:simatic_fieldpg_m5_firmware:::::::: cpe:2.3:h:siemens:simatic_fieldpg_m5:-:::::::*	cpe:2.3:h:siemens:simatic_field_pg_m5:-:::::::* cpe:2.3:o:siemens:simatic_field_pg_m5_firmware::::::::

Information

Published : 2018-09-12 19:29

Updated : 2024-02-04 20:03

NVD link : CVE-2018-3616

Mitre link : CVE-2018-3616

CVE.ORG link : CVE-2018-3616

JSON object : View

Products Affected

siemens

simatic_ipc547e_firmware
simatic_ipc627d
simatic_ipc647d
simatic_ipc847d
simatic_ipc827d
simatic_itp1000
simatic_ipc677d_firmware
simatic_pc547g_firmware
simatic_ipc477e
simatic_ipc677d
simatic_pc547e
simatic_ipc827d_firmware
simatic_ipc647d_firmware
simatic_field_pg_m5_firmware
simatic_ipc427e
simatic_ipc847d_firmware
simatic_itp1000_firmware
simatic_ipc547g
simatic_field_pg_m5
simatic_ipc427e_firmware
simatic_ipc477e_firmware
simatic_ipc627d_firmware

intel

converged_security_management_engine_firmware
manageability_engine_firmware
active_management_technology_firmware

CWE

NVD-CWE-noinfo

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-3616

5.9^/10

4.3^/10

Attach tags to `CVE-2018-3616`