Successful exploitation of these Intel product vulnerabilities could allow unauthorized privilege escalation.

The following versions of SIMATIC S7-15-4 are affected by vulnerabilities in Intel products:

SIMATIC S7-15F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0): All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER INITIALIZATION CWE-665

Improper initialization in subsystem for Intel(R) CSME may allow a privileged user to enable escalation of privilege via local access.

CVE-2020-8744 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.2 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS CWE-119

Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to enable escalation of privilege via local access.

CVE-2020-0591 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CRITICAL INFRASTRUCTURE SECTORS: Multiple.

Siemens reported these vulnerabilities to CISA.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems.
Siemens recommends limiting the possibilities to run untrusted code if possible.