What is CVE-2018-3658?

CVE-2018-3658 is a vulnerability in Intel AMT in Intel CSME firmware versions before 12.0.5 that may allow an unauthenticated user to cause a denial of service.

What is the severity of CVE-2018-3658?

The severity of CVE-2018-3658 is medium with a CVSS score of 5.3.

Which software versions are affected by CVE-2018-3658?

Siemens Simatic Field Pg M5 Firmware up to version 22.01.06, Siemens Simatic Ipc427e Firmware up to version 21.01.09, Siemens Simatic Ipc477e Firmware up to version 21.01.09, Siemens Simatic Ipc547e Firmware up to version r1.30.0, Siemens Simatic Pc547g Firmware up to version r1.23.0, Siemens Simatic Ipc627d Firmware up to version 19.02.11, Siemens Simatic Ipc647d Firmware up to version 19.01.14, Siemens Simatic Ipc677d Firmware up to version 19.02.11, Siemens Simatic Ipc827d Firmware up to version 19.02.11, Siemens Simatic Ipc847d Firmware up to version 19.01.14, and Intel Converged Security Management Engine Firmware up to version 12.0.5, Intel Active Management Technology Firmware up to version 12.0.5, and Intel Manageability Engine Firmware up to version 11.0.

How can an unauthenticated user exploit CVE-2018-3658?

An unauthenticated user with Intel AMT provisioned can exploit CVE-2018-3658 via network access to cause a partial denial of service.

Where can I find more information about CVE-2018-3658?

You can find more information about CVE-2018-3658 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/106996), [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf), and [ICS-CERT](https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05).

Vulnerability/
CVE-2018-3658

medium

5.3

CWE

772

12/9/2018

17/8/2023

CVE-2018-3658

First published: Wed Sep 12 2018(Updated: )

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.

Credit: secure@intel.com secure@intel.com

Affected Software	Affected Version	How to fix
Siemens Simatic Field Pg M5 Firmware	<22.01.06
Siemens Simatic Field Pg M5
Siemens Simatic Ipc427e Firmware	<21.01.09
Siemens Simatic Ipc427e
Siemens Simatic Ipc477e Firmware	<21.01.09
Siemens Simatic Ipc477e
Siemens Simatic Ipc547e Firmware	<r1.30.0
Siemens Simatic Pc547e
Siemens Simatic Pc547g Firmware	<r1.23.0
Siemens Simatic Ipc547g
Siemens Simatic Ipc627d Firmware	<19.02.11
Siemens Simatic Ipc627d
Siemens Simatic Ipc647d Firmware	<19.01.14
Siemens Simatic Ipc647d
Siemens Simatic Ipc677d Firmware	<19.02.11
Siemens Simatic Ipc677d
Siemens Simatic Ipc827d Firmware	<19.02.11
Siemens Simatic Ipc827d
Siemens Simatic Ipc847d Firmware	<19.01.14
Siemens Simatic Ipc847d
Siemens Simatic Itp1000 Firmware	<23.01.04
Siemens Simatic Itp1000
Intel Converged Security Management Engine Firmware	>=11.0.0<12.0.5
Intel Active Management Technology Firmware	<12.0.5
Intel Manageability Engine Firmware	>=9.0.0.0<11.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-3658?
CVE-2018-3658 is a vulnerability in Intel AMT in Intel CSME firmware versions before 12.0.5 that may allow an unauthenticated user to cause a denial of service.
What is the severity of CVE-2018-3658?
The severity of CVE-2018-3658 is medium with a CVSS score of 5.3.
Which software versions are affected by CVE-2018-3658?
Siemens Simatic Field Pg M5 Firmware up to version 22.01.06, Siemens Simatic Ipc427e Firmware up to version 21.01.09, Siemens Simatic Ipc477e Firmware up to version 21.01.09, Siemens Simatic Ipc547e Firmware up to version r1.30.0, Siemens Simatic Pc547g Firmware up to version r1.23.0, Siemens Simatic Ipc627d Firmware up to version 19.02.11, Siemens Simatic Ipc647d Firmware up to version 19.01.14, Siemens Simatic Ipc677d Firmware up to version 19.02.11, Siemens Simatic Ipc827d Firmware up to version 19.02.11, Siemens Simatic Ipc847d Firmware up to version 19.01.14, and Intel Converged Security Management Engine Firmware up to version 12.0.5, Intel Active Management Technology Firmware up to version 12.0.5, and Intel Manageability Engine Firmware up to version 11.0.
How can an unauthenticated user exploit CVE-2018-3658?
An unauthenticated user with Intel AMT provisioned can exploit CVE-2018-3658 via network access to cause a partial denial of service.
Where can I find more information about CVE-2018-3658?
You can find more information about CVE-2018-3658 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/106996), [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf), and [ICS-CERT](https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05).

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-api
collector/nvd-index
vendor/siemens
canonical/siemens simatic field pg m5 firmware
canonical/siemens simatic field pg m5
canonical/siemens simatic ipc427e firmware
canonical/siemens simatic ipc427e
canonical/siemens simatic ipc477e firmware
canonical/siemens simatic ipc477e
canonical/siemens simatic ipc547e firmware
canonical/siemens simatic pc547e
canonical/siemens simatic pc547g firmware
canonical/siemens simatic ipc547g
canonical/siemens simatic ipc627d firmware
canonical/siemens simatic ipc627d
canonical/siemens simatic ipc647d firmware
canonical/siemens simatic ipc647d
canonical/siemens simatic ipc677d firmware
canonical/siemens simatic ipc677d
canonical/siemens simatic ipc827d firmware
canonical/siemens simatic ipc827d
canonical/siemens simatic ipc847d firmware
canonical/siemens simatic ipc847d
canonical/siemens simatic itp1000 firmware
canonical/siemens simatic itp1000
vendor/intel
canonical/intel converged security management engine firmware
version/intel converged security management engine firmware/11.0.0
canonical/intel active management technology firmware
canonical/intel manageability engine firmware
version/intel manageability engine firmware/9.0.0.0