CVE-2018-3616

Published Sep 12, 2018
Last updated a year ago
CVSS medium 5.9
Overview

Description: Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
Source: secure@intel.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C23AFAB4-B286-4FD6-ABC3-86B2881E271C",
            "versionEndExcluding": "12.0.5",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5FAD938-027A-406F-9E7C-1BFD992839F4",
            "versionEndExcluding": "12.0.5"
          },
          {
            "criteria": "cpe:2.3:o:intel:manageability_engine_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63591E72-6038-4417-BA10-54180507AF0F",
            "versionEndExcluding": "11.0",
            "versionStartIncluding": "9.0.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "506DEE00-30D2-4E29-9645-757EB8778C0F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "503E551C-FC5F-4ABC-8DEA-E360701F0B33",
            "versionEndExcluding": "22.01.06"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A40D0CDB-7BE6-491F-B730-3B4E10CA159A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33F546AF-8F80-4E0A-9B92-86E3A1F931C0",
            "versionEndExcluding": "21.01.09"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDF9D4C3-1892-48FA-95B4-835B636A4005"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B5B6E6B-16A0-4236-AABE-82385B53EC78",
            "versionEndExcluding": "21.01.09"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_pc547e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F6A757F1-E478-4A3D-8D5F-C996E176A11A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc547e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D476D093-4A97-499C-B40D-7A301BC9AA2E",
            "versionEndExcluding": "r1.30.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_pc547g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30F129DB-51AC-4F40-A0D1-AB5CF90D9C2D",
            "versionEndExcluding": "r1.23.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9EB339B5-602F-4AB5-9998-465FDC6ABD6C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc627d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "790D244A-AC3D-4BBC-9139-A90048FD375A",
            "versionEndExcluding": "19.02.11"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc627d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "509AD120-3465-4C00-AAB3-B6F6ED708B51"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C046182-BB33-41D0-B041-1566B8041917",
            "versionEndExcluding": "19.01.14"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc647d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D0EF28FB-BAB3-4710-9D25-25F67ACADC60"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc677d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DE74300-E061-452E-AD1D-6DD7C2C62729",
            "versionEndExcluding": "19.02.11"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc677d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "057D9947-CE4A-4B4C-B721-4B29FB71350C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc827d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E6D87239-40C1-4038-B734-D77AC4DDD571"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc827d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE4A7C13-6F81-4629-9C28-9202028634AE",
            "versionEndExcluding": "19.02.11"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc847d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D8F37D88-E086-4060-8420-BD0F8D8FF580"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93485235-481B-4BAF-BB7A-81BB5AA1BC53",
            "versionEndExcluding": "19.01.14"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "187C6D51-5B86-484D-AE0F-26D1C9465580"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD949046-46E5-48C9-883B-92F04926E8BC",
            "versionEndExcluding": "23.01.04"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
