CVE-2020-8704

Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS v3 6.4 MEDIUM
CVSS v2.0 4.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:intel:local_manageability_service:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc527g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc527g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc547g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:39

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf - Third Party Advisory~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf - Third Party Advisory
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html - Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html - Vendor Advisory

22 Apr 2022, 16:20

Type	Values Removed	Values Added
CPE		cpe:2.3:o:siemens:simatic_ipc847e_firmware:::::::: cpe:2.3:h:siemens:simatic_ipc477e_pro:-:::::::* cpe:2.3:o:siemens:simatic_ipc477e_firmware:::::::: cpe:2.3:h:siemens:simatic_ipc847e:-:::::::* cpe:2.3:h:siemens:simatic_ipc547g:-:::::::* cpe:2.3:o:siemens:simatic_ipc647e_firmware:::::::: cpe:2.3:h:siemens:simatic_itp1000:-:::::::* cpe:2.3:h:siemens:simatic_field_pg_m6:-:::::::* cpe:2.3:h:siemens:simatic_ipc677e:-:::::::* cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:::::::: cpe:2.3:h:siemens:simatic_ipc527g:-:::::::* cpe:2.3:o:siemens:simatic_ipc427e_firmware:::::::: cpe:2.3:h:siemens:simatic_ipc477e:-:::::::* cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:::::::: cpe:2.3:h:siemens:simatic_field_pg_m5:-:::::::* cpe:2.3:h:siemens:simatic_ipc647e:-:::::::* cpe:2.3:h:siemens:simatic_ipc427e:-:::::::* cpe:2.3:o:siemens:simatic_ipc547g_firmware:::::::: cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:::::::: cpe:2.3:o:siemens:simatic_ipc527g_firmware:::::::: cpe:2.3:h:siemens:simatic_ipc627e:-:::::::* cpe:2.3:o:siemens:simatic_itp1000_firmware:::::::: cpe:2.3:o:siemens:simatic_ipc627e_firmware:::::::: cpe:2.3:o:siemens:simatic_ipc677e_firmware::::::::
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf - Third Party Advisory

28 Jun 2021, 18:41

Type	Values Removed	Values Added
CWE		CWE-362
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.4 v3 : 6.4
CPE		cpe:2.3:a:intel:local_manageability_service::::::::

09 Jun 2021, 19:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-06-09 19:15

Updated : 2024-11-21 05:39

NVD link : CVE-2020-8704

Mitre link : CVE-2020-8704

CVE.ORG link : CVE-2020-8704

JSON object : View

Products Affected

intel

local_manageability_service

siemens

simatic_ipc477e
simatic_field_pg_m5
simatic_ipc847e_firmware
simatic_ipc677e_firmware
simatic_ipc427e_firmware
simatic_ipc527g
simatic_ipc647e_firmware
simatic_ipc477e_firmware
simatic_field_pg_m6_firmware
simatic_ipc627e
simatic_ipc647e
simatic_itp1000_firmware
simatic_field_pg_m5_firmware
simatic_ipc477e_pro_firmware
simatic_ipc627e_firmware
simatic_ipc477e_pro
simatic_ipc427e
simatic_field_pg_m6
simatic_ipc677e
simatic_ipc547g
simatic_ipc527g_firmware
simatic_itp1000
simatic_ipc547g_firmware
simatic_ipc847e

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

6.4 /10