CVE & CISA-KEV Catalog

CVE-2020-8745

MEDIUM
6.8
CVSS v3
NVD

Description

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

How to fix

Remediation Available
converged security and manageability engineNVD
Affected:>= 14.5.0, < 14.5.25Fixed in:14.5.25CVE-2020-8745derived from NVD
simatic drive controller firmwareNVD
Affected:< 05.00.01.00Fixed in:05.00.01.00CVE-2020-8745derived from NVD
simatic et200sp 1515sp pc2 firmwareNVD
Affected:< 0209.0105Fixed in:0209.0105CVE-2020-8745derived from NVD
simatic field pg m5 firmwareNVD
Affected:< 22.01.08Fixed in:22.01.08CVE-2020-8745derived from NVD
simatic ipc127e firmwareNVD
Affected:< 27.01.05Fixed in:27.01.05CVE-2020-8745derived from NVD
simatic ipc427e firmwareNVD
Affected:< 27.01.05Fixed in:27.01.05CVE-2020-8745derived from NVD
simatic ipc477e firmwareNVD
Affected:< 21.01.15Fixed in:21.01.15CVE-2020-8745derived from NVD
simatic ipc527g firmwareNVD
Affected:< 1.4.0Fixed in:1.4.0CVE-2020-8745derived from NVD
simatic ipc547g firmwareNVD
Affected:< r1.30.0Fixed in:r1.30.0CVE-2020-8745derived from NVD
simatic ipc627e firmwareNVD
Affected:< 25.02.08Fixed in:25.02.08CVE-2020-8745derived from NVD
simatic ipc647e firmwareNVD
Affected:< 25.02.08Fixed in:25.02.08CVE-2020-8745derived from NVD
simatic ipc667e firmwareNVD
Affected:< 25.02.08Fixed in:25.02.08CVE-2020-8745derived from NVD
simatic ipc847e firmwareNVD
Affected:< 25.02.08Fixed in:25.02.08CVE-2020-8745derived from NVD
simatic itp1000 firmwareNVD
Affected:< 23.01.08Fixed in:23.01.08CVE-2020-8745derived from NVD
sinumerik 828d hw pu.4 firmwareNVD
Affected:< 08.00.00.00Fixed in:08.00.00.00CVE-2020-8745derived from NVD
sinumerik mc mcu 1720 firmwareNVD
Affected:< 05.00.00.00Fixed in:05.00.00.00CVE-2020-8745derived from NVD
sinumerik one ncu 1740 firmwareNVD
Affected:< 04.00.00.00Fixed in:04.00.00.00CVE-2020-8745derived from NVD
sinumerik one ppu 1740 firmwareNVD
Affected:< 06.00.00.00Fixed in:06.00.00.00CVE-2020-8745derived from NVD
trusted execution technologyNVD
Affected:>= 4.0, < 4.0.30Fixed in:4.0.30CVE-2020-8745derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorPhysical
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.38%probability of exploitation in 30 days
30thpercentile

Low risk: more likely to be exploited than 30% of all known CVEs.

References

Embed a live status badge for CVE-2020-8745
CVE-2020-8745 severity badge

Markdown

[![CVE-2020-8745](https://tridentstack.com/cve/badge/CVE-2020-8745.svg)](https://tridentstack.com/cve/CVE-2020-8745)

HTML

<a href="https://tridentstack.com/cve/CVE-2020-8745"><img src="https://tridentstack.com/cve/badge/CVE-2020-8745.svg" alt="CVE-2020-8745"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-03-28.