CVE-2018-3658

MEDIUM

Siemens Simatic Field PG M5 Firmware < 22.01.06 - Resource Leak

Title source: rule

Description

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.

References (6)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106996

[Patch, Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20180924-0003/

[Third Party Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us

[Vendor Advisory] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html

Scores

CVSS v3 5.3

EPSS 0.0113

EPSS Percentile 78.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-772

Status published

Affected Products (14)

siemens/simatic_field_pg_m5_firmware < 22.01.06

siemens/simatic_ipc427e_firmware < 21.01.09

siemens/simatic_ipc477e_firmware < 21.01.09

siemens/simatic_ipc547e_firmware < r1.30.0

siemens/simatic_pc547g_firmware < r1.23.0

siemens/simatic_ipc627d_firmware < 19.02.11

siemens/simatic_ipc647d_firmware < 19.01.14

siemens/simatic_ipc677d_firmware < 19.02.11

siemens/simatic_ipc827d_firmware < 19.02.11

siemens/simatic_ipc847d_firmware < 19.01.14

siemens/simatic_itp1000_firmware < 23.01.04

intel/converged_security_management_engine_firmware < 12.0.5

intel/active_management_technology_firmware < 12.0.5

intel/manageability_engine_firmware < 11.0

Timeline

Published Sep 12, 2018

Tracked Since Feb 18, 2026