CVE-2020-8704 — MEDIUM (6.4)

Q: What is CVE-2020-8704?

CVE-2020-8704 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Q: How severe is CVE-2020-8704?

CVE-2020-8704 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8704?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Local Manageability Service, Siemens Simatic Field Pg M5 Firmware, Siemens Simatic Field Pg M5, Siemens Simatic Field Pg M6 Firmware, Siemens Simatic Field Pg M6.

Vulnerability Description

Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Intel	Local Manageability Service	< 2039.1.0.0
Siemens	Simatic Field Pg M5 Firmware	All versions
Siemens	Simatic Field Pg M5	-
Siemens	Simatic Field Pg M6 Firmware	All versions
Siemens	Simatic Field Pg M6	-
Siemens	Simatic Ipc427E Firmware	All versions
Siemens	Simatic Ipc427E	-
Siemens	Simatic Ipc477E Firmware	All versions
Siemens	Simatic Ipc477E	-
Siemens	Simatic Ipc477E Pro Firmware	All versions
Siemens	Simatic Ipc477E Pro	-
Siemens	Simatic Ipc527G Firmware	All versions
Siemens	Simatic Ipc527G	-
Siemens	Simatic Ipc547G Firmware	All versions
Siemens	Simatic Ipc547G	-
Siemens	Simatic Ipc627E Firmware	< 25.02.10
Siemens	Simatic Ipc627E	-
Siemens	Simatic Ipc647E Firmware	< 25.02.10
Siemens	Simatic Ipc647E	-
Siemens	Simatic Ipc677E Firmware	< 25.02.10

Related Weaknesses (CWE)

CWE-362

References

https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdfThird Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdfThird Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.Vendor Advisory

FAQ

What is CVE-2020-8704?

CVE-2020-8704 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

How severe is CVE-2020-8704?

CVE-2020-8704 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8704?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Local Manageability Service, Siemens Simatic Field Pg M5 Firmware, Siemens Simatic Field Pg M5, Siemens Simatic Field Pg M6 Firmware, Siemens Simatic Field Pg M6.