Vulnerability-Lookup

BDU:2019-01065

Vulnerability from fstec - Published: 11.09.2018

Title

Уязвимость процессоров Intel и ARM, связанная с использованием спекулятивного считывания системных регистров, позволяющая нарушителю раскрыть защищаемую информацию

Description

Уязвимость процессоров Intel и ARM связана с использованием спекулятивного считывания системных регистров. Эксплуатация уязвимости может позволить нарушителю раскрыть системные параметры с помощью специально сформированного приложения

Severity ?


                    
                      AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Vendor

ARM Limited, Intel Corp., Siemens AG

Software Name

ARM Cortex-A57, ARM Cortex-A72, Intel Xeon, Intel Pentium, Intel Atom, Intel Celeron, SIMATIC Field PG M5, SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC547E, SIMATIC IPC547G, SIMATIC IPC627D, SIMATIC IPC647D, SIMATIC IPC677D, SIMATIC IPC827D, SIMATIC IPC847D, SIMATIC ITP1000, SIMATIC ET 200SP Open Controller, SIMATIC IPC427C, SIMATIC IPC477C, SINEMA Remote Connect, RUGGEDCOM APE, SIMATIC Field PG M4, SIMATIC IPC427D, SIMATIC IPC477D, SIMATIC IPC477E Pro, SIMATIC IPC627C, SIMATIC IPC647C, SIMATIC IPC677C, SIMATIC IPC827C, SIMATIC IPC847C, SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP, SIMOTION P320-4E, SIMOTION P320-4S, SINUMERIK 840D sl, SINUMERIK PCU 50.5, SINUMERIK Panels с интегрированной TCU, SINUMERIK TCU 30.3, SIMATIC HMI Basic Panels 2nd Generation, SIMATIC HMI Comfort 15-22 Panels, SIMATIC HMI Comfort 4-12" Panels, SIMATIC HMI Comfort PRO Panels, SIMATIC IPC3000 SMART V2, SIMATIC IPC347E, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 Software Controller, ARM Cortex-A15, SIMATIC ET 200AL, SIMATIC HMI Mobile Panels, SIMATIC WinAC RTX 2010 incl. F

Software Version

- (ARM Cortex-A57), - (ARM Cortex-A72), 3400 series (Intel Xeon), 3500 series (Intel Xeon), 3600 series (Intel Xeon), 5500 series (Intel Xeon), 5600 series (Intel Xeon), 6500 series (Intel Xeon), 7500 series (Intel Xeon), E3 Family (Intel Xeon), E3 v2 Family (Intel Xeon), E3 v3 Family (Intel Xeon), E3 v4 Family (Intel Xeon), E3 v5 Family (Intel Xeon), E3 v6 Family (Intel Xeon), E5 Family (Intel Xeon), E5 v2 Family (Intel Xeon), E5 v3 Family (Intel Xeon), E5 v4 Family (Intel Xeon), E5 v5 Family (Intel Xeon), E5 v6 Family (Intel Xeon), E7 Family (Intel Xeon), E7 v2 Family (Intel Xeon), E7 v3 Family (Intel Xeon), E7 v4 Family (Intel Xeon), Scalable Family (Intel Xeon), J4205 (Intel Pentium), J5005 (Intel Pentium), N4000 (Intel Pentium), N4100 (Intel Pentium), N4200 (Intel Pentium), N5000 (Intel Pentium), C3308 (Intel Atom), C3338 (Intel Atom), C3508 (Intel Atom), C3538 (Intel Atom), C3558 (Intel Atom), C3708 (Intel Atom), C3750 (Intel Atom), C3758 (Intel Atom), C3808 (Intel Atom), C3830 (Intel Atom), C3850 (Intel Atom), C3858 (Intel Atom), C3950 (Intel Atom), C3955 (Intel Atom), C3958 (Intel Atom), E Series (Intel Atom), A Series (Intel Atom), x5-E3930 (Intel Atom), x5-E3940 (Intel Atom), x7-E3950 (Intel Atom), T5500 (Intel Atom), T5700 (Intel Atom), Z Series (Intel Atom), J3355 (Intel Celeron), J3455 (Intel Celeron), J4005 (Intel Celeron), J4105 (Intel Celeron), N3450 (Intel Celeron), до 22.01.06 (SIMATIC Field PG M5), до 21.01.09 (SIMATIC IPC427E), до 21.01.09 (SIMATIC IPC477E), до R1.30.0 (SIMATIC IPC547E), до R1.23.0 (SIMATIC IPC547G), до 19.02.11 (SIMATIC IPC627D), до 19.01.14 (SIMATIC IPC647D), до 19.02.11 (SIMATIC IPC677D), до 19.02.11 (SIMATIC IPC827D), до 19.01.14 (SIMATIC IPC847D), до 23.01.04 (SIMATIC ITP1000), до 2.6 (SIMATIC ET 200SP Open Controller), - (SIMATIC IPC427C), - (SIMATIC IPC477C), - (SINEMA Remote Connect), - (RUGGEDCOM APE), до 18.01.09 (SIMATIC Field PG M4), до 17.0X.14 (SIMATIC IPC427D), до 17.0X.14 (SIMATIC IPC477D), до 21.01.09 (SIMATIC IPC477E Pro), до 15.02.15 (SIMATIC IPC627C), до 15.01.14 (SIMATIC IPC647C), до 15.02.15 (SIMATIC IPC677C), до 15.02.15 (SIMATIC IPC827C), до 15.01.14 (SIMATIC IPC847C), до 2.6 (SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP), до 2.6 (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP), до 17.0X.14 (SIMOTION P320-4E), до 17.0X.14 (SIMOTION P320-4S), - (SINUMERIK 840D sl), до 15.02.15 (SINUMERIK PCU 50.5), Выпущенные до 2016 включительно (SINUMERIK Panels с интегрированной TCU), - (SINUMERIK TCU 30.3), - (SIMATIC HMI Basic Panels 2nd Generation), - (SIMATIC HMI Comfort 15-22 Panels), - (SIMATIC HMI Comfort 4-12" Panels), - (SIMATIC HMI Comfort PRO Panels), до 1.5 (SIMATIC IPC3000 SMART V2), до 1.5 (SIMATIC IPC347E), до 2.6 (SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK), до 2.6 (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK), до 2.6 (SIMATIC S7-1500 Software Controller), - (ARM Cortex-A15), до 2.6 (SIMATIC ET 200AL), - (SIMATIC HMI Mobile Panels), до SP3 (SIMATIC WinAC RTX 2010 incl. F)

Possible Mitigations

Обновление программного обеспечения: Для SIMATIC Field PG M4 до версии BIOS V18.01.09: https://support.industry.siemens.com/cs/de/en/view/109037537 Для SIMATIC Field PG M5 до версии BIOS V22.01.06: https://support.industry.siemens.com/cs/de/en/view/109738122 Для SIMATIC ET 200 SP Open Controller и SIMATIC ET 200 SP Open Controller (F) до V2.6^ https://support.industry.siemens.com/cs/ww/en/view/109759122 Для SIMATIC HMI Basic Panels 2nd Generation до V15.1: https://support.industry.siemens.com/cs/ww/en/view/109761203 Для SIMATIC HMI Comfort 15-22 Panels, SIMATIC HMI Comfort 4-12" Panels, SIMATIC HMI Comfort PRO Panels и SIMATIC HMI KTP Mobile Panels до V15 Upd 2: https://support.industry.siemens.com/cs/ww/en/view/109755826 Для SIMATIC IPC3000 SMART V2 и SIMATIC IPC347E до версии BIOS V1.5: https://support.industry.siemens.com/cs/ww/en/view/109759824 Для SIMATIC IPC427D, SIMATIC IPC477D, SIMOTION P320-4E и SIMOTION P320-4S до версии BIOS V17.0X.14: https://support.industry.siemens.com/cs/de/en/view/108608500 Для SIMATIC IPC427E, SIMATIC IPC477E и SIMATIC IPC477E Pro до версии BIOS V21.01.09: https://support.industry.siemens.com/cs/de/en/view/109742593 Для SIMATIC IPC547E до версии BIOS R1.30.0: https://support.industry.siemens.com/cs/us/en/view/109481624 Для SIMATIC IPC547G до версии BIOS R1.23.0: https://support.industry.siemens.com/cs/us/en/view/109750349 Для SIMATIC IPC627D, SIMATIC IPC677D и SIMATIC IPC827D до версии BIOS V19.02.11: https://support.industry.siemens.com/cs/ww/de/view/109474954 Для SIMATIC IPC627C, SIMATIC IPC677C и SIMATIC IPC827C до версии BIOS V15.02.15: https://support.industry.siemens.com/cs/ww/en/view/48792087 Для SIMATIC IPC647C и SIMATIC IPC847C до версии BIOS V15.01.14: https://support.industry.siemens.com/cs/ww/en/view/48792076 Для SIMATIC IPC647D и SIMATIC IPC847D до версии BIOS V19.01.14: https://support.industry.siemens.com/cs/ww/en/view/109037779 Для SIMATIC ITP1000 до версии BIOS V23.01.04: https://support.industry.siemens.com/cs/us/en/view/109748173 Для SIMATIC WinAC RTX (F) 2010 до SIMATIC WinAC RTX 2010 SP3: https://support.industry.siemens.com/cs/ww/en/view/109765109 Для SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK и SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP до версии BIOS V2.6: https://support.industry.siemens.com/cs/ww/en/view/109478459 Компенсирующие меры: Для RUGGEDCOM APE и RUGGEDCOM RX1400 VPE: Применение исправлений Debian по мере их появления Ограничение возможностей запуска ненадежного кода, если это возможно Применение концепции углубленной защиты https://www.siemens.com/industrialsecurity

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://nvd.nist.gov/vuln/detail/CVE-2018-3640

CWE

CWE-200

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "ARM Limited, Intel Corp., Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (ARM Cortex-A57), - (ARM Cortex-A72), 3400 series (Intel Xeon), 3500 series (Intel Xeon), 3600 series (Intel Xeon), 5500 series (Intel Xeon), 5600 series (Intel Xeon), 6500 series (Intel Xeon), 7500 series (Intel Xeon), E3 Family (Intel Xeon), E3 v2 Family (Intel Xeon), E3 v3 Family (Intel Xeon), E3 v4 Family (Intel Xeon), E3 v5 Family (Intel Xeon), E3 v6 Family (Intel Xeon), E5 Family (Intel Xeon), E5 v2 Family (Intel Xeon), E5 v3 Family (Intel Xeon), E5 v4 Family (Intel Xeon), E5 v5 Family (Intel Xeon), E5 v6 Family (Intel Xeon), E7 Family (Intel Xeon), E7 v2 Family (Intel Xeon), E7 v3 Family (Intel Xeon), E7 v4 Family (Intel Xeon), Scalable Family (Intel Xeon), J4205 (Intel Pentium), J5005 (Intel Pentium), N4000 (Intel Pentium), N4100 (Intel Pentium), N4200 (Intel Pentium), N5000 (Intel Pentium), C3308 (Intel Atom), C3338 (Intel Atom), C3508 (Intel Atom), C3538 (Intel Atom), C3558 (Intel Atom), C3708 (Intel Atom), C3750 (Intel Atom), C3758 (Intel Atom), C3808 (Intel Atom), C3830 (Intel Atom), C3850 (Intel Atom), C3858 (Intel Atom), C3950 (Intel Atom), C3955 (Intel Atom), C3958 (Intel Atom), E Series (Intel Atom), A Series (Intel Atom), x5-E3930 (Intel Atom), x5-E3940 (Intel Atom), x7-E3950 (Intel Atom), T5500 (Intel Atom), T5700 (Intel Atom), Z Series (Intel Atom), J3355 (Intel Celeron), J3455 (Intel Celeron), J4005 (Intel Celeron), J4105 (Intel Celeron), N3450 (Intel Celeron), \u0434\u043e 22.01.06 (SIMATIC Field PG M5), \u0434\u043e 21.01.09 (SIMATIC IPC427E), \u0434\u043e 21.01.09 (SIMATIC IPC477E), \u0434\u043e R1.30.0 (SIMATIC IPC547E), \u0434\u043e R1.23.0 (SIMATIC IPC547G), \u0434\u043e 19.02.11 (SIMATIC IPC627D), \u0434\u043e 19.01.14 (SIMATIC IPC647D), \u0434\u043e 19.02.11 (SIMATIC IPC677D), \u0434\u043e 19.02.11 (SIMATIC IPC827D), \u0434\u043e 19.01.14 (SIMATIC IPC847D), \u0434\u043e 23.01.04 (SIMATIC ITP1000), \u0434\u043e 2.6 (SIMATIC ET 200SP Open Controller), - (SIMATIC IPC427C), - (SIMATIC IPC477C), - (SINEMA Remote Connect), - (RUGGEDCOM APE), \u0434\u043e 18.01.09 (SIMATIC Field PG M4), \u0434\u043e 17.0X.14 (SIMATIC IPC427D), \u0434\u043e 17.0X.14 (SIMATIC IPC477D), \u0434\u043e 21.01.09 (SIMATIC IPC477E Pro), \u0434\u043e 15.02.15 (SIMATIC IPC627C), \u0434\u043e 15.01.14 (SIMATIC IPC647C), \u0434\u043e 15.02.15 (SIMATIC IPC677C), \u0434\u043e 15.02.15 (SIMATIC IPC827C), \u0434\u043e 15.01.14 (SIMATIC IPC847C), \u0434\u043e 2.6 (SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP), \u0434\u043e 2.6 (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP), \u0434\u043e 17.0X.14 (SIMOTION P320-4E), \u0434\u043e 17.0X.14 (SIMOTION P320-4S), - (SINUMERIK 840D sl), \u0434\u043e 15.02.15 (SINUMERIK PCU 50.5), \u0412\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0434\u043e 2016 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SINUMERIK Panels \u0441 \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 TCU), - (SINUMERIK TCU 30.3), - (SIMATIC HMI Basic Panels 2nd Generation), - (SIMATIC HMI Comfort 15-22 Panels), - (SIMATIC HMI Comfort 4-12\" Panels), - (SIMATIC HMI Comfort PRO Panels), \u0434\u043e 1.5 (SIMATIC IPC3000 SMART V2), \u0434\u043e 1.5 (SIMATIC IPC347E), \u0434\u043e 2.6 (SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK), \u0434\u043e 2.6 (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK), \u0434\u043e 2.6 (SIMATIC S7-1500 Software Controller), - (ARM Cortex-A15), \u0434\u043e 2.6 (SIMATIC ET 200AL), - (SIMATIC HMI Mobile Panels), \u0434\u043e SP3 (SIMATIC WinAC RTX 2010 incl. F)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f:\n\n\u0414\u043b\u044f SIMATIC Field PG M4 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V18.01.09:\nhttps://support.industry.siemens.com/cs/de/en/view/109037537\n\n\u0414\u043b\u044f SIMATIC Field PG M5 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V22.01.06:\nhttps://support.industry.siemens.com/cs/de/en/view/109738122\n\n\u0414\u043b\u044f SIMATIC ET 200 SP Open Controller \u0438 SIMATIC ET 200 SP Open Controller (F) \u0434\u043e V2.6^\nhttps://support.industry.siemens.com/cs/ww/en/view/109759122\n\n\u0414\u043b\u044f SIMATIC HMI Basic Panels 2nd Generation \u0434\u043e V15.1:\nhttps://support.industry.siemens.com/cs/ww/en/view/109761203\n\n\u0414\u043b\u044f SIMATIC HMI Comfort 15-22 Panels, SIMATIC HMI Comfort 4-12\" Panels, SIMATIC HMI Comfort PRO Panels \u0438 SIMATIC HMI KTP Mobile Panels \u0434\u043e V15 Upd 2:\nhttps://support.industry.siemens.com/cs/ww/en/view/109755826\n\n\u0414\u043b\u044f SIMATIC IPC3000 SMART V2 \u0438 SIMATIC IPC347E \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V1.5:\nhttps://support.industry.siemens.com/cs/ww/en/view/109759824\n\n\u0414\u043b\u044f SIMATIC IPC427D, SIMATIC IPC477D, SIMOTION P320-4E \u0438 SIMOTION P320-4S \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V17.0X.14:\nhttps://support.industry.siemens.com/cs/de/en/view/108608500\n\n\u0414\u043b\u044f SIMATIC IPC427E, SIMATIC IPC477E \u0438 SIMATIC IPC477E Pro \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V21.01.09:\nhttps://support.industry.siemens.com/cs/de/en/view/109742593\n\n\u0414\u043b\u044f SIMATIC IPC547E \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS R1.30.0:\nhttps://support.industry.siemens.com/cs/us/en/view/109481624\n\n\u0414\u043b\u044f SIMATIC IPC547G \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS R1.23.0:\nhttps://support.industry.siemens.com/cs/us/en/view/109750349\n\n\u0414\u043b\u044f SIMATIC IPC627D, SIMATIC IPC677D \u0438 SIMATIC IPC827D \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V19.02.11: https://support.industry.siemens.com/cs/ww/de/view/109474954\n\n\u0414\u043b\u044f SIMATIC IPC627C, SIMATIC IPC677C \u0438 SIMATIC IPC827C \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V15.02.15:\nhttps://support.industry.siemens.com/cs/ww/en/view/48792087\n\n\u0414\u043b\u044f SIMATIC IPC647C \u0438 SIMATIC IPC847C \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V15.01.14:\nhttps://support.industry.siemens.com/cs/ww/en/view/48792076\n\n\u0414\u043b\u044f SIMATIC IPC647D \u0438 SIMATIC IPC847D \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V19.01.14:\nhttps://support.industry.siemens.com/cs/ww/en/view/109037779\n\n\u0414\u043b\u044f SIMATIC ITP1000 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V23.01.04:\nhttps://support.industry.siemens.com/cs/us/en/view/109748173\n\n\u0414\u043b\u044f SIMATIC WinAC RTX (F) 2010 \u0434\u043e SIMATIC WinAC RTX 2010 SP3:\nhttps://support.industry.siemens.com/cs/ww/en/view/109765109\n\n\u0414\u043b\u044f SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK \u0438 SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V2.6:\nhttps://support.industry.siemens.com/cs/ww/en/view/109478459\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\n\u0414\u043b\u044f RUGGEDCOM APE \u0438 RUGGEDCOM RX1400 VPE:\n\u041f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 Debian \u043f\u043e \u043c\u0435\u0440\u0435 \u0438\u0445 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f\n\n\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u0435\u0441\u043b\u0438 \u044d\u0442\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\n\u041f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438 \u0443\u0433\u043b\u0443\u0431\u043b\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b\nhttps://www.siemens.com/industrialsecurity",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.09.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.03.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01065",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-3640",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ARM Cortex-A57, ARM Cortex-A72, Intel Xeon, Intel Pentium, Intel Atom, Intel Celeron, SIMATIC Field PG M5, SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC547E, SIMATIC IPC547G, SIMATIC IPC627D, SIMATIC IPC647D, SIMATIC IPC677D, SIMATIC IPC827D, SIMATIC IPC847D, SIMATIC ITP1000, SIMATIC ET 200SP Open Controller, SIMATIC IPC427C, SIMATIC IPC477C, SINEMA Remote Connect, RUGGEDCOM APE, SIMATIC Field PG M4, SIMATIC IPC427D, SIMATIC IPC477D, SIMATIC IPC477E Pro, SIMATIC IPC627C, SIMATIC IPC647C, SIMATIC IPC677C, SIMATIC IPC827C, SIMATIC IPC847C, SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP, SIMOTION P320-4E, SIMOTION P320-4S, SINUMERIK 840D sl, SINUMERIK PCU 50.5, SINUMERIK Panels \u0441 \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 TCU, SINUMERIK TCU 30.3, SIMATIC HMI Basic Panels 2nd Generation, SIMATIC HMI Comfort 15-22 Panels, SIMATIC HMI Comfort 4-12\" Panels, SIMATIC HMI Comfort PRO Panels, SIMATIC IPC3000 SMART V2, SIMATIC IPC347E, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 Software Controller, ARM Cortex-A15, SIMATIC ET 200AL, SIMATIC HMI Mobile Panels, SIMATIC WinAC RTX 2010 incl. F",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 Intel \u0438 ARM, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043f\u0435\u043a\u0443\u043b\u044f\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 Intel \u0438 ARM \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043f\u0435\u043a\u0443\u043b\u044f\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u041a\u043b\u0430\u0441\u0441 \u0430\u0442\u0430\u043a, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0434\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Spectre V3a.\n\u0423\u044f\u0437\u0432\u0438\u043c\u044b \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 SIMATIC HMI Basic Panels 2nd Generation, SIMATIC HMI Comfort 15-22 Panels, SIMATIC HMI Comfort 4-12\" Panels, SIMATIC HMI Comfort PRO Panels, SIMATIC HMI KTP Mobile Panels \u0441 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0439 SIMATIC WinCC 14 \u0438 WinCC \u043e\u0442 15 \u0434\u043e 15 Upd 2",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf\n\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3640",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

CVE-2018-3640 (GCVE-0-2018-3640)

Vulnerability from cvelistv5 – Published: 2018-05-22 12:00 – Updated: 2024-09-16 19:31

Summary

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

intel

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	http://support.lenovo.com/us/en/solutions/LEN-22133	x_refsource_CONFIRM
	https://www.us-cert.gov/ncas/alerts/TA18-141A	third-party-advisoryx_refsource_CERT
	http://www.securitytracker.com/id/1042004	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1040949	vdb-entryx_refsource_SECTRACK
	https://psirt.global.sonicwall.com/vuln-detail/SN…	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synolog…	x_refsource_CONFIRM
	https://developer.arm.com/support/arm-security-up…	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/180049	third-party-advisoryx_refsource_CERT-VN
	http://www.fujitsu.com/global/support/products/so…	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-us/security-…	x_refsource_CONFIRM
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	https://www.mitel.com/en-ca/support/security-advi…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2018/dsa-4273	vendor-advisoryx_refsource_DEBIAN
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/104228	vdb-entryx_refsource_BID
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/3756-1/	vendor-advisoryx_refsource_UBUNTU
	https://security.netapp.com/advisory/ntap-2018052…	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Multiple	Affected: Multiple

Date Public ?

2018-05-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
          },
          {
            "name": "TA18-141A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
          },
          {
            "name": "1042004",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042004"
          },
          {
            "name": "1040949",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040949"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
          },
          {
            "name": "VU#180049",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/180049"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
          },
          {
            "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "name": "DSA-4273",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4273"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
          },
          {
            "name": "104228",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104228"
          },
          {
            "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
          },
          {
            "name": "USN-3756-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3756-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "datePublic": "2018-05-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-08T12:06:05.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
        },
        {
          "name": "TA18-141A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
        },
        {
          "name": "1042004",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042004"
        },
        {
          "name": "1040949",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040949"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
        },
        {
          "name": "VU#180049",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/180049"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
        },
        {
          "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "name": "DSA-4273",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4273"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
        },
        {
          "name": "104228",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104228"
        },
        {
          "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
        },
        {
          "name": "USN-3756-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3756-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-05-21T00:00:00",
          "ID": "CVE-2018-3640",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
            },
            {
              "name": "TA18-141A",
              "refsource": "CERT",
              "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
            },
            {
              "name": "1042004",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "1040949",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040949"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_23",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_23"
            },
            {
              "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "name": "VU#180049",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
            },
            {
              "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
            },
            {
              "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
              "refsource": "CONFIRM",
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "DSA-4273",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4273"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
            },
            {
              "name": "104228",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104228"
            },
            {
              "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
            },
            {
              "name": "USN-3756-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3640",
    "datePublished": "2018-05-22T12:00:00.000Z",
    "dateReserved": "2017-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:31:35.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-01065

CVE-2018-3640 (GCVE-0-2018-3640)

Tags

Sightings

Nomenclature