Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.
Conclusion & alert: CVE-2018-3658 is rated Moderate Risk (53.8/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 3.30%). Core evidence: EPSS rose +2.17% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 1.13% | 3.30% | +2.17% |
| 2 | 2025-11-21 | 1.96% | 1.13% | -0.83% |
| 3 | 2025-11-18 | — | 1.96% | — |
Full EPSS history (17 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.3 | 3.1 | MEDIUM |
|
3.9 | 1.4 | [email protected] |
| 5.0 | 2.0 | MEDIUM |
|
10.0 | 2.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| siemens | simatic_field_pg_m5_firmware | < 22.01.06 | cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_ipc427e_firmware | < 21.01.09 | cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_ipc477e_firmware | < 21.01.09 | cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_ipc547e_firmware | < r1.30.0 | cpe:2.3:o:siemens:simatic_ipc547e_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_pc547g_firmware | < r1.23.0 | cpe:2.3:o:siemens:simatic_pc547g_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_ipc627d_firmware | < 19.02.11 | cpe:2.3:o:siemens:simatic_ipc627d_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_ipc647d_firmware | < 19.01.14 | cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_ipc677d_firmware | < 19.02.11 | cpe:2.3:o:siemens:simatic_ipc677d_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_ipc827d_firmware | < 19.02.11 | cpe:2.3:o:siemens:simatic_ipc827d_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_ipc847d_firmware | < 19.01.14 | cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:* |
| siemens | simatic_itp1000_firmware | < 23.01.04 | cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:* |
| intel | converged_security_management_engine_firmware | >= 11.0.0, < 12.0.5 | cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:* |
| intel | active_management_technology_firmware | < 12.0.5 | cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:* |
| intel | manageability_engine_firmware | >= 9.0.0.0, < 11.0 | cpe:2.3:o:intel:manageability_engine_firmware:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106996 | Third Party Advisory VDB Entry |
| https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf | Patch Third Party Advisory |
| https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05 | Third Party Advisory US Government Resource |
| https://security.netapp.com/advisory/ntap-20180924-0003/ | Third Party Advisory |
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us | Third Party Advisory |
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html | Vendor Advisory |