CVE-2017-5689

KEV
Published: Mag 02, 2017 Last Modified: Ott 22, 2025
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 10,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,9425
Percentile
1,0th
Updated

EPSS Score Trend (Last 90 Days)

269

Improper Privilege Management

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
Exploit

Intel Active Management Technology - System Privileges

Intel Active Management Technology - System Privileges

Author: nixawk Published:
View Exploit Code →
Operating System

Simatic Ipc627D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc627D Firmware
Version Range Affected
To 9.1.41.3024 (exclusive)
cpe:2.3:o:siemens:simatic_ipc627d_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 9.0
cpe:2.3:o:intel:active_management_technology_firmware:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc547D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc547D Firmware
Version Range Affected
To 7.1.91.3272 (exclusive)
cpe:2.3:o:siemens:simatic_pcs_7_ipc547d_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc547G Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc547G Firmware
Version Range Affected
To 11.0.26.3000 (exclusive)
cpe:2.3:o:siemens:simatic_ipc547g_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc427E Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc427E Firmware
Version Range Affected
To 21.01.04 (exclusive)
cpe:2.3:o:siemens:simatic_pcs_7_ipc427e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc547E Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc547E Firmware
Version Range Affected
To 9.1.41.3024 (exclusive)
cpe:2.3:o:siemens:simatic_ipc547e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simotion P320-4 S Firmware by Siemens

Product Information
Vendor Siemens
Product Simotion P320-4 S Firmware
Version Range Affected
To 17.02.06.83.1 (exclusive)
cpe:2.3:o:siemens:simotion_p320-4_s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc827C Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc827C Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:simatic_ipc827c_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 8.1
cpe:2.3:o:intel:active_management_technology_firmware:8.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc547D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc547D Firmware
Version Range Affected
To 7.1.91.3272 (exclusive)
cpe:2.3:o:siemens:simatic_ipc547d_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc477D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc477D Firmware
Version -
cpe:2.3:o:siemens:simatic_ipc477d_firmware:-:*:*:*:pro:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 11.5
cpe:2.3:o:intel:active_management_technology_firmware:11.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc677D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc677D Firmware
Version Range Affected
To 9.1.41.3024 (exclusive)
cpe:2.3:o:siemens:simatic_ipc677d_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc547G Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc547G Firmware
Version Range Affected
To 11.0.26.3000 (exclusive)
cpe:2.3:o:siemens:simatic_pcs_7_ipc547g_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 7.0
cpe:2.3:o:intel:active_management_technology_firmware:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc477D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc477D Firmware
Version -
cpe:2.3:o:siemens:simatic_pcs_7_ipc477d_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Sinumerik Pcu50.5-P Firmware by Siemens

Product Information
Vendor Siemens
Product Sinumerik Pcu50.5-P Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:sinumerik_pcu50.5-p_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Proliant Ml10 Gen9 Server Firmware by Hpe

Product Information
Vendor Hpe
Product Proliant Ml10 Gen9 Server Firmware
Version 5.0
cpe:2.3:o:hpe:proliant_ml10_gen9_server_firmware:5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc427E Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc427E Firmware
Version Range Affected
To 21.01.05 (exclusive)
cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 11.0
cpe:2.3:o:intel:active_management_technology_firmware:11.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc827D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc827D Firmware
Version Range Affected
To 9.1.41.3024 (exclusive)
cpe:2.3:o:siemens:simatic_ipc827d_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc627C Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc627C Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:simatic_pcs_7_ipc627c_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc647C Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc647C Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:simatic_ipc647c_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc427E Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc427E Firmware
Version -
cpe:2.3:o:siemens:simatic_pcs_7_ipc427e_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc477E Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc477E Firmware
Version Range Affected
To 21.01.05 (exclusive)
cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 9.5
cpe:2.3:o:intel:active_management_technology_firmware:9.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc847C Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc847C Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:simatic_pcs_7_ipc847c_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Field Pg M5 Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Field Pg M5 Firmware
Version Range Affected
To 22.01.03 (exclusive)
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 11.6
cpe:2.3:o:intel:active_management_technology_firmware:11.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc547E Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc547E Firmware
Version Range Affected
To 9.1.41.3024 (exclusive)
cpe:2.3:o:siemens:simatic_pcs_7_ipc547e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc647D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc647D Firmware
Version Range Affected
To 9.1.41.3024 (exclusive)
cpe:2.3:o:siemens:simatic_pcs_7_ipc647d_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Field Pg M3 Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Field Pg M3 Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:simatic_field_pg_m3_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Field Pg M4 Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Field Pg M4 Firmware
Version Range Affected
To 18.01.06 (exclusive)
cpe:2.3:o:siemens:simatic_field_pg_m4_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc427D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc427D Firmware
Version -
cpe:2.3:o:siemens:simatic_ipc427d_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 9.1
cpe:2.3:o:intel:active_management_technology_firmware:9.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc647D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc647D Firmware
Version Range Affected
To 9.1.41.3024 (exclusive)
cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc847C Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc847C Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:simatic_ipc847c_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc647C Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc647C Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:simatic_pcs_7_ipc647c_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc627C Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc627C Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:simatic_ipc627c_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc477D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc477D Firmware
Version -
cpe:2.3:o:siemens:simatic_ipc477d_firmware:-:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 7.1
cpe:2.3:o:intel:active_management_technology_firmware:7.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 6.0
cpe:2.3:o:intel:active_management_technology_firmware:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 10.0
cpe:2.3:o:intel:active_management_technology_firmware:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 6.1
cpe:2.3:o:intel:active_management_technology_firmware:6.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 8.0
cpe:2.3:o:intel:active_management_technology_firmware:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc847D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc847D Firmware
Version Range Affected
To 9.1.41.3024 (exclusive)
cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Ipc677C Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Ipc677C Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:simatic_ipc677c_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Active Management Technology Firmware by Intel

Product Information
Vendor Intel
Product Active Management Technology Firmware
Version 6.2
cpe:2.3:o:intel:active_management_technology_firmware:6.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc677C Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc677C Firmware
Version Range Affected
To 6.2.61.3535 (exclusive)
cpe:2.3:o:siemens:simatic_pcs_7_ipc677c_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Itp1000 Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Itp1000 Firmware
Version Range Affected
To 9.1.41.3024 (exclusive)
cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Simatic Pcs 7 Ipc847D Firmware by Siemens

Product Information
Vendor Siemens
Product Simatic Pcs 7 Ipc847D Firmware
Version Range Affected
To 9.1.41.3024 (exclusive)
cpe:2.3:o:siemens:simatic_pcs_7_ipc847d_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017…
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.…
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%2…
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-…
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLoca…
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
https://security-center.intel.com/advisory.aspx?intelid=INT…
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&language…
https://security.netapp.com/advisory/ntap-20170509-0001/
https://security.netapp.com/advisory/ntap-20170509-0001/
https://www.embedi.com/files/white-papers/Silent-Bob-is-Sil…
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
https://www.embedi.com/news/mythbusters-cve-2017-5689
https://www.embedi.com/news/mythbusters-cve-2017-5689
https://www.tenable.com/blog/rediscovering-the-intel-amt-vu…
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
http://www.oracle.com/technetwork/security-advisory/cpujul2…
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/98269
http://www.securityfocus.com/bid/98269
http://www.securitytracker.com/id/1038385
http://www.securitytracker.com/id/1038385
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.…
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%2…
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-…
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLoca…
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
https://security-center.intel.com/advisory.aspx?intelid=INT…
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&language…
https://security.netapp.com/advisory/ntap-20170509-0001/
https://security.netapp.com/advisory/ntap-20170509-0001/
https://www.embedi.com/files/white-papers/Silent-Bob-is-Sil…
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
https://www.embedi.com/news/mythbusters-cve-2017-5689
https://www.embedi.com/news/mythbusters-cve-2017-5689
https://www.tenable.com/blog/rediscovering-the-intel-amt-vu…
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
http://www.oracle.com/technetwork/security-advisory/cpujul2…
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/98269
http://www.securityfocus.com/bid/98269
http://www.securitytracker.com/id/1038385
http://www.securitytracker.com/id/1038385