Foreshadow vulnerabilities spread to Siemens Industrial Products – Nov 2018

Preface: Intel Software Guard Extensions (SGX) is a set of central processing unit instruction codes from Intel that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels.

SGX design limitation:
L1 Terminal Fault aka Foreshadow found in August 2018. Foreshadow enables an attacker to extract SGX sealing keys, previously sealed data can be modified and re-seal.

The Foreshadow / L1-terminal-fault attack were assigned the following CVE numbers:
CVE-2018-3615 for attacking SGX.
CVE-2018-3620 for attacking the OS Kernel and SMM mode.
CVE-2018-3646 for attacking virtual machines.


Regarding to this vulnerability. Siemens Security Advisory by Siemens Product has following announcement to their product. For more details, please see below: