Rewterz Threat Advisory – ICS: Siemens Industrial Products Intel CPUs Vulnerabilities

Severity

High

Analysis Summary

CVE-2020-8670

A race condition in the firmware for some Intel processors may allow a privileged user to enable escalation of privilege via local access.

CVE-2020-8703

Improper buffer restrictions in a subsystem in the Intel CSME versions prior to 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, and 15.0.22 may allow a privileged user to enable escalation of privilege via local access.

CVE-2020-8704

A race condition in a subsystem in the Intel LMS versions prior to 2039.1.0.0 may allow a privileged user to enable escalation of privilege via local access.

CVE-2020-12357

Improper initialization in the firmware for some Intel processors may allow a privileged user to enable escalation of privilege via local access.

CVE-2020-12358

An out-of-bounds write in the firmware for some Intel processors may allow a privileged user to cause a denial-of-service condition via local access.

CVE-2020-12360

An out-of-bounds read in the firmware for some Intel processors may allow an authenticated user to enable an escalation of privilege via local access.

CVE-2020-24486

Improper input validation in the firmware for some Intel processors may allow an authenticated user to potentially enable a denial of service via local access.

CVE-2020-24506

Out-of-bounds read in a subsystem in the Intel CSME versions prior to 12.0.81, 13.0.47, 13.30.17, 14.1.53, and 14.5.32 may allow a privileged user to enable information disclosure via local access.

CVE-2020-24507

Improper initialization in a subsystem in the Intel CSME versions prior 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11, and 15.0.22 may allow a privileged user to enable information disclosure via local access.

CVE-2020-24511

Improper isolation of shared resources in some Intel processors may allow an authenticated user to enable information disclosure via local access.

CVE-2020-24512

An observable timing discrepancy in some Intel processors may allow an authenticated user to enable information disclosure via local access.

CVE-2020-24513

A domain-bypass transient execution vulnerability in some Intel Atom processors may allow an authenticated user to enable information disclosure via local access.

Impact

• Denial of Services
• Information Disclosure
• Unauthorized Access
• Privilege Escalation
• Configuration change.

Affected Vendors

• Siemens

Affected Products

• SIMATIC Drive Controller Family: All versions
• SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All versions
• SIMATIC Field PG M5: All versions
• SIMATIC Field PG M6: All versions
• SIMATIC IPC127E: All versions
• SIMATIC IPC427E: All versions
• SIMATIC IPC477E: All versions
• SIMATIC IPC477E Pro: All versions
• SIMATIC IPC527GE: All versions
• SIMATIC IPC547G: All versions
• SIMATIC IPC627E: All versions
• SIMATIC IPC647E: All versions
• SIMATIC IPC677E: All versions
• SIMATIC IPC847E: All BIOS versions prior to v25.02.10
• SIMATIC ITP1000: All versions
• SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP (MLFB: 6ES7518-4FX00-1AC0): All versions
• SINUMERIK 828D HW PPU.4: All versions
• SINUMERIK MC MCU 1720: All versions
• SINUMERIK ONE /
• SINUMERIK 840D sl Handheld Terminal HT 10: All versions
• SINUMERIK ONE PPU 1740: All versions
• SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant): All versions

Remediation

Refer to vendor advisory for the complete list of affected products and their respective patches at

https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf