CVE-2020-8704

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-8704
Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

6.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:intel:local_manageability_service:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc527g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc527g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc547g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*
History

22 Apr 2022, 16:20

Type Values Removed Values Added
First Time Siemens simatic Ipc627e Firmware
Siemens simatic Itp1000 Firmware
Siemens
Siemens simatic Ipc677e
Siemens simatic Ipc847e
Siemens simatic Ipc477e Pro
Siemens simatic Ipc477e Firmware
Siemens simatic Ipc427e Firmware
Siemens simatic Ipc847e Firmware
Siemens simatic Itp1000
Siemens simatic Ipc527g
Siemens simatic Field Pg M6 Firmware
Siemens simatic Ipc477e
Siemens simatic Field Pg M5 Firmware
Siemens simatic Ipc647e
Siemens simatic Field Pg M6
Siemens simatic Ipc547g Firmware
Siemens simatic Field Pg M5
Siemens simatic Ipc427e
Siemens simatic Ipc677e Firmware
Siemens simatic Ipc477e Pro Firmware
Siemens simatic Ipc647e Firmware
Siemens simatic Ipc627e
Siemens simatic Ipc547g
Siemens simatic Ipc527g Firmware
CPE cpe:2.3:o:siemens:simatic_ipc527g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc547g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc527g:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf - Third Party Advisory

28 Jun 2021, 18:41

Type Values Removed Values Added
CWE CWE-362
CPE cpe:2.3:a:intel:local_manageability_service:*:*:*:*:*:*:*:*
References (MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html - (MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : 4.4
v3 : 6.4

09 Jun 2021, 19:22

Type Values Removed Values Added
New CVE
Information

Published : 2021-06-09 19:15

Updated : 2023-12-10 13:55

NVD link : CVE-2020-8704

Mitre link : CVE-2020-8704

CVE.ORG link : CVE-2020-8704

JSON object : View

Products Affected

siemens

  • simatic_ipc847e_firmware
  • simatic_ipc527g
  • simatic_ipc677e_firmware
  • simatic_ipc627e
  • simatic_ipc427e_firmware
  • simatic_field_pg_m5_firmware
  • simatic_itp1000_firmware
  • simatic_ipc547g
  • simatic_itp1000
  • simatic_field_pg_m5
  • simatic_ipc477e
  • simatic_ipc627e_firmware
  • simatic_ipc847e
  • simatic_ipc547g_firmware
  • simatic_ipc477e_firmware
  • simatic_field_pg_m6_firmware
  • simatic_ipc647e_firmware
  • simatic_field_pg_m6
  • simatic_ipc477e_pro_firmware
  • simatic_ipc427e
  • simatic_ipc647e
  • simatic_ipc477e_pro
  • simatic_ipc527g_firmware
  • simatic_ipc677e

intel

  • local_manageability_service
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')