var-201809-1075
Vulnerability from variot
Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. Intel CSME The firmware contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens Products are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. A denial-of-service vulnerability 3. A side channel attack information disclosure vulnerability Attackers can exploit these issues to execute arbitrary code within the context of an affected device or obtain sensitive information or cause a denial-of-service condition. The following Siemens products are affected: SIMATIC FieldPG M5 All versions prior to 22.01.06, SIMATIC IPC427E All versions prior to 21.01.09, SIMATIC IPC477E All versions prior to 21.01.09, SIMATIC IPC547E All versions prior to R1.30.0, SIMATIC IPC547G All versions prior to R1.23.0, SIMATIC IPC627D All versions prior to 19.02.11, SIMATIC IPC647D All versions prior to 19.01.14, SIMATIC IPC677D All versions prior to 19.02.11, SIMATIC IPC827D All versions prior to 19.02.11, SIMATIC IPC847D All versions prior to 19.01.14, and SIMATIC ITP1000 All versions prior to 23.01.04. Intel CSME is a converged security management engine developed by Intel Corporation. Intel AMT is one of the active management technology modules. An attacker could cause a denial of service (memory leak) by exploiting this vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "9.0.0.0"
},
{
"model": "simatic ipc627d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.02.11"
},
{
"model": "simatic ipc647d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.01.14"
},
{
"model": "simatic ipc827d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.02.11"
},
{
"model": "simatic ipc477e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.09"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.5"
},
{
"model": "simatic field pg m5",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "22.01.06"
},
{
"model": "simatic ipc547e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "r1.30.0"
},
{
"model": "simatic itp1000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "23.01.04"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.0.0"
},
{
"model": "simatic pc547g",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "r1.23.0"
},
{
"model": "simatic ipc847d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.01.14"
},
{
"model": "simatic ipc427e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.09"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.5"
},
{
"model": "manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.0"
},
{
"model": "simatic ipc677d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.02.11"
},
{
"model": "csme",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "12.0.5"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "simatic itp1000",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc847d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc827d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc677d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc647d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc627d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc547g",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc547e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc477e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc427e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic fieldpg m5",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc847d",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v19.01.14"
},
{
"model": "simatic ipc827d",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v19.02.11"
},
{
"model": "simatic ipc677d",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v19.01.11"
},
{
"model": "simatic ipc647d",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v19.01.14"
},
{
"model": "simatic ipc627d",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v19.02.11"
},
{
"model": "simatic ipc547g r1.23.0",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "simatic ipc547e r1.30.0",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "simatic ipc477e",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v21.01.09"
},
{
"model": "simatic ipc427e",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v21.01.09"
},
{
"model": "simatic fieldpg m5",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v22.01.06"
}
],
"sources": [
{
"db": "BID",
"id": "106996"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013145"
},
{
"db": "NVD",
"id": "CVE-2018-3658"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.01.06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.01.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.01.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc547e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r1.30.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_pc547e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_pc547g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r1.23.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc627d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.02.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc627d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.01.14",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc647d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc677d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.02.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc677d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc827d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.02.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc827d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.01.14",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc847d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.01.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:manageability_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.0",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.5",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3658"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
],
"trust": 0.6
},
"cve": "CVE-2018-3658",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-3658",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-133689",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-3658",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-3658",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-604",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-133689",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133689"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013145"
},
{
"db": "NVD",
"id": "CVE-2018-3658"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. Intel CSME The firmware contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens Products are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. A denial-of-service vulnerability\n3. A side channel attack information disclosure vulnerability\nAttackers can exploit these issues to execute arbitrary code within the context of an affected device or obtain sensitive information or cause a denial-of-service condition. \nThe following Siemens products are affected:\nSIMATIC FieldPG M5 All versions prior to 22.01.06,\nSIMATIC IPC427E All versions prior to 21.01.09,\nSIMATIC IPC477E All versions prior to 21.01.09,\nSIMATIC IPC547E All versions prior to R1.30.0,\nSIMATIC IPC547G All versions prior to R1.23.0,\nSIMATIC IPC627D All versions prior to 19.02.11,\nSIMATIC IPC647D All versions prior to 19.01.14,\nSIMATIC IPC677D All versions prior to 19.02.11,\nSIMATIC IPC827D All versions prior to 19.02.11,\nSIMATIC IPC847D All versions prior to 19.01.14, and\nSIMATIC ITP1000 All versions prior to 23.01.04. Intel CSME is a converged security management engine developed by Intel Corporation. Intel AMT is one of the active management technology modules. An attacker could cause a denial of service (memory leak) by exploiting this vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3658"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013145"
},
{
"db": "BID",
"id": "106996"
},
{
"db": "VULHUB",
"id": "VHN-133689"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3658",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-05",
"trust": 2.8
},
{
"db": "BID",
"id": "106996",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-377318",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013145",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-604",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0444",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-133689",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133689"
},
{
"db": "BID",
"id": "106996"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013145"
},
{
"db": "NVD",
"id": "CVE-2018-3658"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
]
},
"id": "VAR-201809-1075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-133689"
}
],
"trust": 0.5904479499999999
},
"last_update_date": "2023-12-18T13:18:58.569000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00141",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
},
{
"title": "Intel CSME Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84863"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013145"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-772",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133689"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013145"
},
{
"db": "NVD",
"id": "CVE-2018-3658"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-05"
},
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/106996"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
},
{
"trust": 1.6,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03876en_us"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3658"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3658"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75474"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03876en_us"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133689"
},
{
"db": "BID",
"id": "106996"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013145"
},
{
"db": "NVD",
"id": "CVE-2018-3658"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-133689"
},
{
"db": "BID",
"id": "106996"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013145"
},
{
"db": "NVD",
"id": "CVE-2018-3658"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-133689"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106996"
},
{
"date": "2019-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013145"
},
{
"date": "2018-09-12T19:29:02.967000",
"db": "NVD",
"id": "CVE-2018-3658"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-133689"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106996"
},
{
"date": "2019-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013145"
},
{
"date": "2023-08-17T17:43:39.500000",
"db": "NVD",
"id": "CVE-2018-3658"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel CSME Firmware resource management vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013145"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-604"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.