icsa-17-180-01a
Vulnerability from csaf_cisa
Published
2017-06-29 00:00
Modified
2017-07-11 00:00
Summary
ICSA-17-180-01A_Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320 (Update A)
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary
Maksim Malyutin from Embedi reported this issue to Intel.
Exploitability
No known public exploits specifically target this vulnerability.
{
"document": {
"acknowledgments": [
{
"names": [
"Maksim Malyutin"
],
"organization": "Embedi",
"summary": "reporting this issue to Intel"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "summary",
"text": "Maksim Malyutin from Embedi reported this issue to Intel.",
"title": "Summary"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "CISAservicedesk@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-17-180-01A JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-180-01a.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-17-180-01A Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-180-01a"
}
],
"title": "ICSA-17-180-01A_Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320 (Update A)",
"tracking": {
"current_release_date": "2017-07-11T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA USCert CSAF Generator",
"version": "1"
}
},
"id": "ICSA-17-180-01A",
"initial_release_date": "2017-06-29T00:00:00.000000Z",
"revision_history": [
{
"date": "2017-06-29T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-17-180-01 Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit (PCU), SIMOTION P320"
},
{
"date": "2017-07-11T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-17-180-01A Siemens products with Intel processors (Update A)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Intel Core i5 Intel Core i7 | Intel XEON",
"product": {
"name": "SINUMERIK Panel Control Unit (PCU): (Intel Core i5 Intel Core i7 and Intel XEON)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SINUMERIK Panel Control Unit (PCU)"
},
{
"branches": [
{
"category": "product_version",
"name": "Intel Core i5 Intel Core i7 | Intel XEON",
"product": {
"name": "SIMATIC Industrial PCs: (Intel Core i5 Intel Core i7 and Intel XEON)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMATIC Industrial PCs"
},
{
"branches": [
{
"category": "product_version",
"name": "Intel Core i5 Intel Core i7 | Intel XEON",
"product": {
"name": "SIMOTION P320: (Intel Core i5 Intel Core i7 and Intel XEON)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SIMOTION P320"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5689",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "Unprivileged local or remote attackers can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT).CVE-2017-5689 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has provided firmware updates for the affected industrial PCs to address this vulnerability. These updates can be found on their web site at the following location:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
],
"title": "CVE-2017-5689"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.