Vulnerabilites related to siemens - simatic_ipc277g_firmware
Vulnerability from fkie_nvd
Published
2022-02-03 02:15
Modified
2024-11-21 06:27
Summary
An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0BA9E3E-930F-4EE7-B652-8746B2E3D7EE",
                     versionEndExcluding: "5.08.42",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4803E0A-D93A-4863-B9F6-378C3D73F743",
                     versionEndExcluding: "5.16.42",
                     versionStartIncluding: "5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "65D09B40-7B64-4890-AEA5-AE1EB5201CA1",
                     versionEndExcluding: "5.26.42",
                     versionStartIncluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E38FAADD-CEC5-421F-BBD7-1152B95B2A10",
                     versionEndExcluding: "5.35.42",
                     versionStartIncluding: "5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5536AD0D-EE19-41C7-BC57-69EAF77D6E8C",
                     versionEndExcluding: "5.42.51",
                     versionStartIncluding: "5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C140942E-1DC5-4491-8BB6-7FF6960A216D",
                     versionEndExcluding: "5.50.51",
                     versionStartIncluding: "5.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "324ADC7E-AECD-4B7D-8571-5399542C2BF6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "506DEE00-30D2-4E29-9645-757EB8778C0F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "480C5657-5C05-40F5-B76A-E67119727ED8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AEB5AD1-3973-4150-BEA2-C9DE0B98222F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3F52F29-0ACF-4ECC-927A-0CB27399E5D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D1E85AC-1305-4C5E-AD8B-39B2654F6057",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F203C449-2B5C-47A1-BF3D-8DCFD29F0B18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "320F5752-86B3-4C08-89D0-02272753A6D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A37FB5EC-BB64-472C-81FC-8EEF238E3C12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC7303D1-CC95-42C7-B843-C3B3B3336669",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "45013BCA-3897-4D58-81FA-D8CB9D19268C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD6F034-BC50-4223-AE5D-319F04C866A8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6422BF3-01B7-443B-BD2B-80E45D7C3F5F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A40D0CDB-7BE6-491F-B730-3B4E10CA159A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "696F47E6-C1CA-4A58-A91F-4B3EA92954AF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDF9D4C3-1892-48FA-95B4-835B636A4005",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F712060C-ECDB-4BC7-B9B9-468B41DE615B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D9AF082-8345-4BE1-B1FC-6E0316BB833B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D511C170-65E5-416D-B7CE-557A503F25AE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E430C4C5-D887-47C6-B50F-66EEE9519151",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "577C19F5-82ED-46DF-91CC-A074DE99EBDD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F9FA42D-B2F0-456F-89B7-6A5789787FBA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEF4592C-5DB3-45F4-B354-59701BBA0C08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1157418C-14C4-43C4-B63E-7E98D868A94F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87F0538B-ED6E-40C7-9C2A-4C5DC3D2935E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "187C6D51-5B86-484D-AE0F-26D1C9465580",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE0A54C-AEB3-4B1D-AD5D-F9239709B052",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B89A6863-B602-4404-8D26-337FECABFFF0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en InsydeH2O con el Kernel versión 5.0 antes de 05.08.42, el Kernel 5.1 antes de 05.16.42, el Kernel versión 5.2 antes de 05.26.42, el Kernel versión 5.3 antes de 05.35.42, el Kernel versión 5.4 antes de 05.42.51 y el Kernel versión 5.5 antes de 05.50.51. Una vulnerabilidad de corrupción de memoria SMM en FvbServicesRuntimeDxe permite a un posible atacante escribir datos fijos o predecibles en la SMRAM. La explotación de este problema podría llevar a escalar privilegios a SMM.",
      },
   ],
   id: "CVE-2021-42554",
   lastModified: "2024-11-21T06:27:47.840",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.5,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-03T02:15:07.380",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220216-0007/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022012",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220216-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022012",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-03 02:15
Modified
2024-11-21 06:26
Summary
An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4803E0A-D93A-4863-B9F6-378C3D73F743",
                     versionEndExcluding: "5.16.42",
                     versionStartIncluding: "5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "65D09B40-7B64-4890-AEA5-AE1EB5201CA1",
                     versionEndExcluding: "5.26.42",
                     versionStartIncluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E38FAADD-CEC5-421F-BBD7-1152B95B2A10",
                     versionEndExcluding: "5.35.42",
                     versionStartIncluding: "5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18B07541-9DA8-41A0-9D69-861C159AB6AA",
                     versionEndExcluding: "5.43.42",
                     versionStartIncluding: "5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F835C39-35FE-45F8-9314-C7E072F3627D",
                     versionEndExcluding: "5.51.42",
                     versionStartIncluding: "5.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "324ADC7E-AECD-4B7D-8571-5399542C2BF6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "506DEE00-30D2-4E29-9645-757EB8778C0F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "480C5657-5C05-40F5-B76A-E67119727ED8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AEB5AD1-3973-4150-BEA2-C9DE0B98222F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3F52F29-0ACF-4ECC-927A-0CB27399E5D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D1E85AC-1305-4C5E-AD8B-39B2654F6057",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F203C449-2B5C-47A1-BF3D-8DCFD29F0B18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "320F5752-86B3-4C08-89D0-02272753A6D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A37FB5EC-BB64-472C-81FC-8EEF238E3C12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC7303D1-CC95-42C7-B843-C3B3B3336669",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "45013BCA-3897-4D58-81FA-D8CB9D19268C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD6F034-BC50-4223-AE5D-319F04C866A8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6422BF3-01B7-443B-BD2B-80E45D7C3F5F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A40D0CDB-7BE6-491F-B730-3B4E10CA159A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "696F47E6-C1CA-4A58-A91F-4B3EA92954AF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDF9D4C3-1892-48FA-95B4-835B636A4005",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F712060C-ECDB-4BC7-B9B9-468B41DE615B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D9AF082-8345-4BE1-B1FC-6E0316BB833B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D511C170-65E5-416D-B7CE-557A503F25AE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E430C4C5-D887-47C6-B50F-66EEE9519151",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "577C19F5-82ED-46DF-91CC-A074DE99EBDD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F9FA42D-B2F0-456F-89B7-6A5789787FBA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEF4592C-5DB3-45F4-B354-59701BBA0C08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1157418C-14C4-43C4-B63E-7E98D868A94F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87F0538B-ED6E-40C7-9C2A-4C5DC3D2935E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "187C6D51-5B86-484D-AE0F-26D1C9465580",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en SdHostDriver en el kernel versión 5.0 hasta la versión 5.5 en InsydeH2O. Hay una llamada SMM que permite a un atacante acceder al modo de gestión del sistema y ejecutar código arbitrario. Esto ocurre debido a una comparación de rango numérico sin una comprobación mínima.",
      },
   ],
   id: "CVE-2021-41838",
   lastModified: "2024-11-21T06:26:51.543",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.5,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-03T02:15:07.080",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220222-0001/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022023",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220222-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022023",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-03 02:15
Modified
2024-11-21 06:09
Summary
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95221F93-8BE6-47E3-BFB4-E7603C320F0D",
                     versionEndExcluding: "5.08.29",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26CDAE4-0D04-4EB2-8A8C-CDEBDF8BA38C",
                     versionEndExcluding: "5.16.29",
                     versionStartIncluding: "5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0546FD8-0648-46EB-893F-411F869077E5",
                     versionEndExcluding: "5.26.29",
                     versionStartIncluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "89966555-5DD1-4C61-B3B2-7AF7AF7D24D9",
                     versionEndExcluding: "5.35.29",
                     versionStartIncluding: "5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "324ADC7E-AECD-4B7D-8571-5399542C2BF6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "506DEE00-30D2-4E29-9645-757EB8778C0F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "480C5657-5C05-40F5-B76A-E67119727ED8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AEB5AD1-3973-4150-BEA2-C9DE0B98222F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3F52F29-0ACF-4ECC-927A-0CB27399E5D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D1E85AC-1305-4C5E-AD8B-39B2654F6057",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F203C449-2B5C-47A1-BF3D-8DCFD29F0B18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "320F5752-86B3-4C08-89D0-02272753A6D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A37FB5EC-BB64-472C-81FC-8EEF238E3C12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC7303D1-CC95-42C7-B843-C3B3B3336669",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "45013BCA-3897-4D58-81FA-D8CB9D19268C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD6F034-BC50-4223-AE5D-319F04C866A8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6422BF3-01B7-443B-BD2B-80E45D7C3F5F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A40D0CDB-7BE6-491F-B730-3B4E10CA159A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "696F47E6-C1CA-4A58-A91F-4B3EA92954AF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDF9D4C3-1892-48FA-95B4-835B636A4005",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F712060C-ECDB-4BC7-B9B9-468B41DE615B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D9AF082-8345-4BE1-B1FC-6E0316BB833B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D511C170-65E5-416D-B7CE-557A503F25AE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E430C4C5-D887-47C6-B50F-66EEE9519151",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "577C19F5-82ED-46DF-91CC-A074DE99EBDD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F9FA42D-B2F0-456F-89B7-6A5789787FBA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEF4592C-5DB3-45F4-B354-59701BBA0C08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1157418C-14C4-43C4-B63E-7E98D868A94F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87F0538B-ED6E-40C7-9C2A-4C5DC3D2935E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "187C6D51-5B86-484D-AE0F-26D1C9465580",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en InsydeH2O versión 5.x, que afecta a FwBlockServiceSmm. Los servicios SMI de software que utilizan la función Communicate() del EFI_SMM_COMMUNICATION_PROTOCOL no comprueban si la dirección del búfer es válida, lo que permite el uso de direcciones SMRAM, MMIO o del núcleo del SO",
      },
   ],
   id: "CVE-2021-33627",
   lastModified: "2024-11-21T06:09:13.607",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.5,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-03T02:15:06.983",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220222-0002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220222-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022022",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-03 02:15
Modified
2024-11-21 06:27
Summary
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A64DE17F-735B-490B-A4AD-8606684DDB5D",
                     versionEndExcluding: "5.08.41",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EE9D6D0-77EF-41CE-ACB2-A43B0543F9C7",
                     versionEndExcluding: "5.16.41",
                     versionStartIncluding: "5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADDAD8E2-7468-4D96-8A9F-8C2BB0E8EACB",
                     versionEndExcluding: "5.26.41",
                     versionStartIncluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AF0CD01-CD57-41D5-9827-437F0683E13B",
                     versionEndExcluding: "5.35.41",
                     versionStartIncluding: "5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "612CCC25-B065-44F6-A531-E310A2A1B9A6",
                     versionEndExcluding: "5.42.20",
                     versionStartIncluding: "5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "324ADC7E-AECD-4B7D-8571-5399542C2BF6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "506DEE00-30D2-4E29-9645-757EB8778C0F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "480C5657-5C05-40F5-B76A-E67119727ED8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AEB5AD1-3973-4150-BEA2-C9DE0B98222F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3F52F29-0ACF-4ECC-927A-0CB27399E5D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D1E85AC-1305-4C5E-AD8B-39B2654F6057",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F203C449-2B5C-47A1-BF3D-8DCFD29F0B18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "320F5752-86B3-4C08-89D0-02272753A6D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A37FB5EC-BB64-472C-81FC-8EEF238E3C12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC7303D1-CC95-42C7-B843-C3B3B3336669",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "45013BCA-3897-4D58-81FA-D8CB9D19268C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD6F034-BC50-4223-AE5D-319F04C866A8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6422BF3-01B7-443B-BD2B-80E45D7C3F5F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A40D0CDB-7BE6-491F-B730-3B4E10CA159A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "696F47E6-C1CA-4A58-A91F-4B3EA92954AF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDF9D4C3-1892-48FA-95B4-835B636A4005",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F712060C-ECDB-4BC7-B9B9-468B41DE615B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D9AF082-8345-4BE1-B1FC-6E0316BB833B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D511C170-65E5-416D-B7CE-557A503F25AE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E430C4C5-D887-47C6-B50F-66EEE9519151",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "577C19F5-82ED-46DF-91CC-A074DE99EBDD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F9FA42D-B2F0-456F-89B7-6A5789787FBA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEF4592C-5DB3-45F4-B354-59701BBA0C08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1157418C-14C4-43C4-B63E-7E98D868A94F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87F0538B-ED6E-40C7-9C2A-4C5DC3D2935E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "187C6D51-5B86-484D-AE0F-26D1C9465580",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en el Kernel versión 5.0 de InsydeH2O antes de 05.08.41, el Kernel versión 5.1 antes de 05.16.41, el Kernel versión 5.2 antes de 05.26.41, el Kernel versión 5.3 antes de 05.35.41 y el Kernel versión 5.4 antes de 05.42.20. Un desbordamiento del búfer basado en la pila conduce a la ejecución de código arbitrario en el controlador UEFI DisplayTypeDxe DXE",
      },
   ],
   id: "CVE-2021-42059",
   lastModified: "2024-11-21T06:27:09.830",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-03T02:15:07.250",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220216-0008/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022006",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220216-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022006",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-16 16:15
Modified
2024-11-21 05:21
Summary
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A8D4515-2E1D-4C69-B561-6F42B54FFD74",
                     versionEndExcluding: "5.34.44",
                     versionStartIncluding: "5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "38BBAD45-A06D-41D6-A1CC-5AD560E9DCB8",
                     versionEndExcluding: "5.25.44",
                     versionStartIncluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "816E66FC-0597-4442-9257-69B97D27D815",
                     versionEndExcluding: "5.16.25",
                     versionStartIncluding: "5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A889306B-C22C-4F29-BDBC-08B86252A584",
                     versionEndExcluding: "5.42.44",
                     versionStartIncluding: "5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C47A7464-4682-474D-B094-CB6F2BD3B6B4",
                     versionEndExcluding: "5.35.25",
                     versionStartIncluding: "5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AECE476-8649-4928-9702-9E9737E1A764",
                     versionEndExcluding: "5.26.25",
                     versionStartIncluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C8173E6-4FED-481D-BF5E-3CABDF13CA61",
                     versionEndExcluding: "5.43.25",
                     versionStartIncluding: "5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:ruggedcom_apr1808_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E08DFAD2-130C-4B75-B7EF-602C4B3324F0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:ruggedcom_apr1808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD56E8B2-232B-4E1C-BB3F-41B0C1E31D7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "75AE72A3-05C6-4564-81CC-67865D03D106",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "506DEE00-30D2-4E29-9645-757EB8778C0F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC5341D-9982-4F18-9C8D-2912DDB8EF9A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "846EE524-BC53-4DE5-81C5-6B5EB2DD8BEA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED11E5B-E60C-4359-B87C-E373DED77677",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D1E85AC-1305-4C5E-AD8B-39B2654F6057",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1865061F-CF02-410B-B01B-2088F7104867",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "320F5752-86B3-4C08-89D0-02272753A6D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "68215EEF-243A-4B02-BEAB-C162A3564D60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC7303D1-CC95-42C7-B843-C3B3B3336669",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "62751FE8-48D7-4D7B-A7DD-4977DE539660",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD6F034-BC50-4223-AE5D-319F04C866A8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EC3A82C-1380-4B21-BB17-3760A0B6A027",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A40D0CDB-7BE6-491F-B730-3B4E10CA159A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2558478-44E0-4D42-A6DC-D4262D15A92A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDF9D4C3-1892-48FA-95B4-835B636A4005",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AD30972-8CE2-46B4-A4B8-B209F6B616AC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FC5CE20-7D08-4496-A857-C3A4BD0AB1AC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFFA7953-DC4C-489A-B5A4-B832FAF3C143",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D9AF082-8345-4BE1-B1FC-6E0316BB833B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AC414E9-5DBD-4D60-B0EA-6FB48207B628",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E430C4C5-D887-47C6-B50F-66EEE9519151",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "193BF353-5D85-4F2E-94D0-329ED823FF07",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F9FA42D-B2F0-456F-89B7-6A5789787FBA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8CE311F-98F9-4E58-9E52-BAFAF87C0819",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1157418C-14C4-43C4-B63E-7E98D868A94F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "64538703-AE66-4D4A-B4A1-C88039B9543D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "187C6D51-5B86-484D-AE0F-26D1C9465580",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).",
      },
      {
         lang: "es",
         value: "En el kernel de Insyde InsydeH2O 5.x, algunos controladores SMM no validaban correctamente los parámetros CommBuffer y CommBufferSize, lo que permitía a los llamantes corromper el firmware o la memoria del sistema operativo. Las versiones corregidas para este problema en los controladores AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe y SdMcDeviceDxe son 05.16.25, 05.26.25, 05.35.25, 05.43.25 y 05.51.25 (para los núcleos 5.1 a 5.5)",
      },
   ],
   id: "CVE-2020-27339",
   lastModified: "2024-11-21T05:21:01.897",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-16T16:15:07.897",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220216-0005/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2021001",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220216-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2021001",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-03 02:15
Modified
2024-11-21 06:26
Summary
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A64DE17F-735B-490B-A4AD-8606684DDB5D",
                     versionEndExcluding: "5.08.41",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EE9D6D0-77EF-41CE-ACB2-A43B0543F9C7",
                     versionEndExcluding: "5.16.41",
                     versionStartIncluding: "5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADDAD8E2-7468-4D96-8A9F-8C2BB0E8EACB",
                     versionEndExcluding: "5.26.41",
                     versionStartIncluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AF0CD01-CD57-41D5-9827-437F0683E13B",
                     versionEndExcluding: "5.35.41",
                     versionStartIncluding: "5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DA61A73-A290-493E-A797-1A7E7AF0BDE5",
                     versionEndExcluding: "5.43.41",
                     versionStartIncluding: "5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CB4ED22-F39A-45BD-B748-5C67D0BEEF53",
                     versionEndExcluding: "5.51.41",
                     versionStartIncluding: "5.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "324ADC7E-AECD-4B7D-8571-5399542C2BF6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "506DEE00-30D2-4E29-9645-757EB8778C0F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "480C5657-5C05-40F5-B76A-E67119727ED8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AEB5AD1-3973-4150-BEA2-C9DE0B98222F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3F52F29-0ACF-4ECC-927A-0CB27399E5D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D1E85AC-1305-4C5E-AD8B-39B2654F6057",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F203C449-2B5C-47A1-BF3D-8DCFD29F0B18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "320F5752-86B3-4C08-89D0-02272753A6D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A37FB5EC-BB64-472C-81FC-8EEF238E3C12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC7303D1-CC95-42C7-B843-C3B3B3336669",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "45013BCA-3897-4D58-81FA-D8CB9D19268C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD6F034-BC50-4223-AE5D-319F04C866A8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6422BF3-01B7-443B-BD2B-80E45D7C3F5F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A40D0CDB-7BE6-491F-B730-3B4E10CA159A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "696F47E6-C1CA-4A58-A91F-4B3EA92954AF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDF9D4C3-1892-48FA-95B4-835B636A4005",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F712060C-ECDB-4BC7-B9B9-468B41DE615B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D9AF082-8345-4BE1-B1FC-6E0316BB833B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D511C170-65E5-416D-B7CE-557A503F25AE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E430C4C5-D887-47C6-B50F-66EEE9519151",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "577C19F5-82ED-46DF-91CC-A074DE99EBDD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F9FA42D-B2F0-456F-89B7-6A5789787FBA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEF4592C-5DB3-45F4-B354-59701BBA0C08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1157418C-14C4-43C4-B63E-7E98D868A94F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87F0538B-ED6E-40C7-9C2A-4C5DC3D2935E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "187C6D51-5B86-484D-AE0F-26D1C9465580",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.",
      },
      {
         lang: "es",
         value: "Se descubrió un problema en AhciBusDxe en el kernel versión 5.0 hasta la versión 5.5 en InsydeH2O. Debido a una desviación de puntero no fiable que provoca la corrupción de la memoria de SMM, un atacante puede ser capaz de escribir datos fijos o predecibles en SMRAM. La explotación de este problema podría llevar a escalar privilegios a SMM",
      },
   ],
   id: "CVE-2021-41837",
   lastModified: "2024-11-21T06:26:51.320",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.5,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-03T02:15:07.033",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220222-0003/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022024",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220222-0003/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022024",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-01 03:15
Modified
2024-11-21 06:09
Summary
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A8D4515-2E1D-4C69-B561-6F42B54FFD74",
                     versionEndExcluding: "5.34.44",
                     versionStartIncluding: "5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "38BBAD45-A06D-41D6-A1CC-5AD560E9DCB8",
                     versionEndExcluding: "5.25.44",
                     versionStartIncluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "816E66FC-0597-4442-9257-69B97D27D815",
                     versionEndExcluding: "5.16.25",
                     versionStartIncluding: "5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A889306B-C22C-4F29-BDBC-08B86252A584",
                     versionEndExcluding: "5.42.44",
                     versionStartIncluding: "5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C47A7464-4682-474D-B094-CB6F2BD3B6B4",
                     versionEndExcluding: "5.35.25",
                     versionStartIncluding: "5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AECE476-8649-4928-9702-9E9737E1A764",
                     versionEndExcluding: "5.26.25",
                     versionStartIncluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C8173E6-4FED-481D-BF5E-3CABDF13CA61",
                     versionEndExcluding: "5.43.25",
                     versionStartIncluding: "5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:ruggedcom_apr1808_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E08DFAD2-130C-4B75-B7EF-602C4B3324F0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:ruggedcom_apr1808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD56E8B2-232B-4E1C-BB3F-41B0C1E31D7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "75AE72A3-05C6-4564-81CC-67865D03D106",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "506DEE00-30D2-4E29-9645-757EB8778C0F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC5341D-9982-4F18-9C8D-2912DDB8EF9A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "846EE524-BC53-4DE5-81C5-6B5EB2DD8BEA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED11E5B-E60C-4359-B87C-E373DED77677",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D1E85AC-1305-4C5E-AD8B-39B2654F6057",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1865061F-CF02-410B-B01B-2088F7104867",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "320F5752-86B3-4C08-89D0-02272753A6D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "68215EEF-243A-4B02-BEAB-C162A3564D60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC7303D1-CC95-42C7-B843-C3B3B3336669",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "62751FE8-48D7-4D7B-A7DD-4977DE539660",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD6F034-BC50-4223-AE5D-319F04C866A8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EC3A82C-1380-4B21-BB17-3760A0B6A027",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A40D0CDB-7BE6-491F-B730-3B4E10CA159A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2558478-44E0-4D42-A6DC-D4262D15A92A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDF9D4C3-1892-48FA-95B4-835B636A4005",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AD30972-8CE2-46B4-A4B8-B209F6B616AC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FC5CE20-7D08-4496-A857-C3A4BD0AB1AC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFFA7953-DC4C-489A-B5A4-B832FAF3C143",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D9AF082-8345-4BE1-B1FC-6E0316BB833B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AC414E9-5DBD-4D60-B0EA-6FB48207B628",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E430C4C5-D887-47C6-B50F-66EEE9519151",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "193BF353-5D85-4F2E-94D0-329ED823FF07",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F9FA42D-B2F0-456F-89B7-6A5789787FBA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8CE311F-98F9-4E58-9E52-BAFAF87C0819",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1157418C-14C4-43C4-B63E-7E98D868A94F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "64538703-AE66-4D4A-B4A1-C88039B9543D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "187C6D51-5B86-484D-AE0F-26D1C9465580",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.",
      },
      {
         lang: "es",
         value: "Existe una vulnerabilidad en la rama SMM (System Management Mode) que registra un manejador SWSMI que no comprueba o valida suficientemente el puntero del buffer asignado (valores QWORD para CommBuffer). Esto puede ser utilizado por un atacante para corromper los datos en la memoria SMRAM e incluso llevar a la ejecución de código arbitrario",
      },
   ],
   id: "CVE-2021-33626",
   lastModified: "2024-11-21T06:09:13.410",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-01T03:15:06.593",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220216-0006/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2021001",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220216-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2021001",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-829",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-03 01:15
Modified
2024-11-21 05:34
Summary
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:5.12.09.0074:*:*:*:*:*:*:*",
                     matchCriteriaId: "1506F007-8D5A-4F89-9C20-39C956E5E330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:5.23.04.0045:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D71B9DC-9A25-4395-9369-E746B0BCFAD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:5.23.45.0023:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB7F094E-CE8C-44EB-AA8F-04FE034C0D02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:5.33.15.0034:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F636FC4-E44B-49ED-96E4-BF7187F3344C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:5.34.03.0029:*:*:*:*:*:*:*",
                     matchCriteriaId: "D24FF36C-7E38-4EAA-80B2-299AF22619FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:5.42.03.0010:*:*:*:*:*:*:*",
                     matchCriteriaId: "8822BCEE-BFF7-4691-A0F0-C2CB04BE2354",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "37FDCA69-9049-40B4-88AF-F476901022B6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B89A6863-B602-4404-8D26-337FECABFFF0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC5341D-9982-4F18-9C8D-2912DDB8EF9A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "846EE524-BC53-4DE5-81C5-6B5EB2DD8BEA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED11E5B-E60C-4359-B87C-E373DED77677",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D1E85AC-1305-4C5E-AD8B-39B2654F6057",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1865061F-CF02-410B-B01B-2088F7104867",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "320F5752-86B3-4C08-89D0-02272753A6D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "64538703-AE66-4D4A-B4A1-C88039B9543D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "187C6D51-5B86-484D-AE0F-26D1C9465580",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AD30972-8CE2-46B4-A4B8-B209F6B616AC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FC5CE20-7D08-4496-A857-C3A4BD0AB1AC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFFA7953-DC4C-489A-B5A4-B832FAF3C143",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D9AF082-8345-4BE1-B1FC-6E0316BB833B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AC414E9-5DBD-4D60-B0EA-6FB48207B628",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E430C4C5-D887-47C6-B50F-66EEE9519151",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "193BF353-5D85-4F2E-94D0-329ED823FF07",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F9FA42D-B2F0-456F-89B7-6A5789787FBA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8CE311F-98F9-4E58-9E52-BAFAF87C0819",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1157418C-14C4-43C4-B63E-7E98D868A94F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "68215EEF-243A-4B02-BEAB-C162A3564D60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC7303D1-CC95-42C7-B843-C3B3B3336669",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "62751FE8-48D7-4D7B-A7DD-4977DE539660",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD6F034-BC50-4223-AE5D-319F04C866A8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EC3A82C-1380-4B21-BB17-3760A0B6A027",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A40D0CDB-7BE6-491F-B730-3B4E10CA159A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2558478-44E0-4D42-A6DC-D4262D15A92A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDF9D4C3-1892-48FA-95B4-835B636A4005",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "75AE72A3-05C6-4564-81CC-67865D03D106",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "506DEE00-30D2-4E29-9645-757EB8778C0F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).",
      },
      {
         lang: "es",
         value: "Se presenta una vulnerabilidad en el manejador de Interrupciones de administración del Sistema (SWSMI) del código del Firmware UEFI de InsydeH2O ubicado en el manejador SWSMI que desreferencia el puntero gRT (EFI_RUNTIME_SERVICES) para llamar a un servicio GetVariable, que es encontrado fuera de la SMRAM. Esto puede resultar en una ejecución de código en SMM (escalando el privilegio del anillo 0 al anillo -2)",
      },
   ],
   id: "CVE-2020-5953",
   lastModified: "2024-11-21T05:34:53.567",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-03T01:15:07.647",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220222-0005/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/products",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220222-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/products",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-03 02:15
Modified
2024-11-21 06:09
Summary
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C029DED-CC74-4AFB-B5D0-C1FD8237DCAE",
                     versionEndExcluding: "5.16.23",
                     versionStartIncluding: "5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC748480-3FCF-4F8B-A726-C1DDEA3C78A0",
                     versionEndExcluding: "5.26.23",
                     versionStartIncluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C88BDB9B-D893-47BA-901C-F2055B6F4A89",
                     versionEndExcluding: "5.35.23",
                     versionStartIncluding: "5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83CE2E33-8206-4C9E-8EFF-2AAF68E61A73",
                     versionEndExcluding: "5.43.22",
                     versionStartIncluding: "5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EE863B3-76C2-499F-8A9E-71C1169DC0F0",
                     versionEndExcluding: "5.51.22",
                     versionStartIncluding: "5.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:netapp:fas\\/aff_bios:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A714C8D4-9623-43C0-8AF8-8904566AD42C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "37FDCA69-9049-40B4-88AF-F476901022B6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B89A6863-B602-4404-8D26-337FECABFFF0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "75AE72A3-05C6-4564-81CC-67865D03D106",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "506DEE00-30D2-4E29-9645-757EB8778C0F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "846EE524-BC53-4DE5-81C5-6B5EB2DD8BEA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "64538703-AE66-4D4A-B4A1-C88039B9543D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "187C6D51-5B86-484D-AE0F-26D1C9465580",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1865061F-CF02-410B-B01B-2088F7104867",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "320F5752-86B3-4C08-89D0-02272753A6D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED11E5B-E60C-4359-B87C-E373DED77677",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D1E85AC-1305-4C5E-AD8B-39B2654F6057",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "68215EEF-243A-4B02-BEAB-C162A3564D60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC7303D1-CC95-42C7-B843-C3B3B3336669",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "62751FE8-48D7-4D7B-A7DD-4977DE539660",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD6F034-BC50-4223-AE5D-319F04C866A8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EC3A82C-1380-4B21-BB17-3760A0B6A027",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A40D0CDB-7BE6-491F-B730-3B4E10CA159A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2558478-44E0-4D42-A6DC-D4262D15A92A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDF9D4C3-1892-48FA-95B4-835B636A4005",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AD30972-8CE2-46B4-A4B8-B209F6B616AC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FC5CE20-7D08-4496-A857-C3A4BD0AB1AC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFFA7953-DC4C-489A-B5A4-B832FAF3C143",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D9AF082-8345-4BE1-B1FC-6E0316BB833B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AC414E9-5DBD-4D60-B0EA-6FB48207B628",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E430C4C5-D887-47C6-B50F-66EEE9519151",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "193BF353-5D85-4F2E-94D0-329ED823FF07",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F9FA42D-B2F0-456F-89B7-6A5789787FBA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8CE311F-98F9-4E58-9E52-BAFAF87C0819",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1157418C-14C4-43C4-B63E-7E98D868A94F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC5341D-9982-4F18-9C8D-2912DDB8EF9A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en el Kernel versión 5.x de InsydeH2O, que afecta a HddPassword. Los servicios SMI de software que utilizan la función Communicate() del EFI_SMM_COMMUNICATION_PROTOCOL no comprueban si la dirección del búfer es válida, lo que permite el uso de direcciones de SMRAM, MMIO o del núcleo del SO",
      },
   ],
   id: "CVE-2021-33625",
   lastModified: "2024-11-21T06:09:13.220",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-03T02:15:06.930",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220222-0004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022014",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220222-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2022014",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2021-42554
Vulnerability from cvelistv5
Published
2022-02-03 01:40
Modified
2024-08-04 03:38
Severity ?
Summary
An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T03:38:49.251Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge/SA-2022012",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220216-0007/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-22T19:06:40",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge/SA-2022012",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220216-0007/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-42554",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.insyde.com/security-pledge",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge",
                  },
                  {
                     name: "https://www.insyde.com/security-pledge/SA-2022012",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge/SA-2022012",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220216-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220216-0007/",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-42554",
      datePublished: "2022-02-03T01:40:56",
      dateReserved: "2021-10-18T00:00:00",
      dateUpdated: "2024-08-04T03:38:49.251Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-41838
Vulnerability from cvelistv5
Published
2022-02-03 01:43
Modified
2024-08-04 03:22
Severity ?
Summary
An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T03:22:24.937Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge/SA-2022023",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220222-0001/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-23T15:06:23",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge/SA-2022023",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220222-0001/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-41838",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.insyde.com/security-pledge",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge",
                  },
                  {
                     name: "https://www.insyde.com/security-pledge/SA-2022023",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge/SA-2022023",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220222-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220222-0001/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-41838",
      datePublished: "2022-02-03T01:43:30",
      dateReserved: "2021-10-01T00:00:00",
      dateUpdated: "2024-08-04T03:22:24.937Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-5953
Vulnerability from cvelistv5
Published
2022-02-03 01:00
Modified
2024-08-04 08:47
Severity ?
Summary
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:47:41.026Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/products",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220222-0005/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-23T15:06:21",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/products",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220222-0005/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-5953",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.insyde.com/products",
                     refsource: "MISC",
                     url: "https://www.insyde.com/products",
                  },
                  {
                     name: "https://www.insyde.com/security-pledge",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220222-0005/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220222-0005/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-5953",
      datePublished: "2022-02-03T01:00:57",
      dateReserved: "2020-01-06T00:00:00",
      dateUpdated: "2024-08-04T08:47:41.026Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-42059
Vulnerability from cvelistv5
Published
2022-02-03 01:13
Modified
2024-08-04 03:22
Severity ?
Summary
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T03:22:25.776Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge/SA-2022006",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220216-0008/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-22T19:06:27",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge/SA-2022006",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220216-0008/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-42059",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.insyde.com/security-pledge",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge",
                  },
                  {
                     name: "https://www.insyde.com/security-pledge/SA-2022006",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge/SA-2022006",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220216-0008/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220216-0008/",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-42059",
      datePublished: "2022-02-03T01:13:47",
      dateReserved: "2021-10-07T00:00:00",
      dateUpdated: "2024-08-04T03:22:25.776Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-33627
Vulnerability from cvelistv5
Published
2022-02-03 01:30
Modified
2024-08-03 23:58
Severity ?
Summary
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:58:21.427Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge/SA-2022022",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220222-0002/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-07-22T16:50:10.835493",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.insyde.com/security-pledge",
            },
            {
               url: "https://www.insyde.com/security-pledge/SA-2022022",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220222-0002/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-33627",
      datePublished: "2022-02-03T01:30:36",
      dateReserved: "2021-05-28T00:00:00",
      dateUpdated: "2024-08-03T23:58:21.427Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-33626
Vulnerability from cvelistv5
Published
2021-10-01 02:21
Modified
2024-08-03 23:58
Severity ?
Summary
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:58:21.523Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge/SA-2021001",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220216-0006/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-22T19:07:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge/SA-2021001",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220216-0006/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
            },
         ],
         source: {
            discovery: "INTERNAL",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-33626",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.insyde.com/security-pledge",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge",
                  },
                  {
                     name: "https://www.insyde.com/security-pledge/SA-2021001",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge/SA-2021001",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220216-0006/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220216-0006/",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                  },
               ],
            },
            source: {
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-33626",
      datePublished: "2021-10-01T02:21:29",
      dateReserved: "2021-05-28T00:00:00",
      dateUpdated: "2024-08-03T23:58:21.523Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-41837
Vulnerability from cvelistv5
Published
2022-02-03 01:23
Modified
2024-08-04 03:22
Severity ?
Summary
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T03:22:25.091Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge/SA-2022024",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220222-0003/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-23T15:06:18",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge/SA-2022024",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220222-0003/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-41837",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.insyde.com/security-pledge",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge",
                  },
                  {
                     name: "https://www.insyde.com/security-pledge/SA-2022024",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge/SA-2022024",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220222-0003/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220222-0003/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-41837",
      datePublished: "2022-02-03T01:23:39",
      dateReserved: "2021-10-01T00:00:00",
      dateUpdated: "2024-08-04T03:22:25.091Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-27339
Vulnerability from cvelistv5
Published
2021-06-16 15:49
Modified
2024-08-04 16:11
Severity ?
Summary
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T16:11:36.601Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge/SA-2021001",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220216-0005/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-22T19:07:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge/SA-2021001",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220216-0005/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-27339",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.insyde.com/security-pledge/SA-2021001",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge/SA-2021001",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220216-0005/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220216-0005/",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-27339",
      datePublished: "2021-06-16T15:49:34",
      dateReserved: "2020-10-20T00:00:00",
      dateUpdated: "2024-08-04T16:11:36.601Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-33625
Vulnerability from cvelistv5
Published
2022-02-03 01:55
Modified
2024-08-03 23:58
Severity ?
Summary
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:58:21.414Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge/SA-2022014",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220222-0004/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-23T15:06:25",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.insyde.com/security-pledge/SA-2022014",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220222-0004/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-33625",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.insyde.com/security-pledge",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge",
                  },
                  {
                     name: "https://www.insyde.com/security-pledge/SA-2022014",
                     refsource: "MISC",
                     url: "https://www.insyde.com/security-pledge/SA-2022014",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220222-0004/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220222-0004/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-33625",
      datePublished: "2022-02-03T01:55:10",
      dateReserved: "2021-05-28T00:00:00",
      dateUpdated: "2024-08-03T23:58:21.414Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}