Vulnerabilities related to Siemens - SIMATIC IPC127E
var-202202-0007
Vulnerability from variot
A vulnerability exists in the software System Management Interrupt (SWSMI) handler of InsydeH2O UEFI firmware: the handler dereferences the gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service that is located outside of SMRAM. Code outside SMRAM is not protected from modification by ring 0 software, so this can result in code execution in SMM (escalating privilege from ring 0 to ring -2). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).
Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1
CVE-2020-27339 Affected
CVE-2020-5953 Affected
CVE-2021-33625 Affected
CVE-2021-33626 Affected
CVE-2021-33627 Affected
CVE-2021-41837 Affected
CVE-2021-41838 Affected
CVE-2021-41839 Affected
CVE-2021-41840 Affected
CVE-2021-41841 Affected
CVE-2021-42059 Affected
CVE-2021-42060 Not Affected
CVE-2021-42113 Affected
CVE-2021-42554 Affected
CVE-2021-43323 Affected
CVE-2021-43522 Affected
CVE-2021-43615 Not Affected
CVE-2021-45969 Not Affected
CVE-2021-45970 Not Affected
CVE-2021-45971 Not Affected
CVE-2022-24030 Not Affected
CVE-2022-24031 Not Affected
CVE-2022-24069 Not Affected
CVE-2022-28806 Unknown.
InsydeH2O UEFI firmware contains an unspecified vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0007", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg 
m6", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.34.03.0029", }, { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.33.15.0034", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.23.04.0045", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "ruggedcom ape1808", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.42.03.0010", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e pro", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.23.45.0023", }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.12.09.0074", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, ], }, configurations: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.12.09.0074:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.23.04.0045:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.23.45.0023:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.33.15.0034:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.34.03.0029:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.42.03.0010:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], 
operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, 
], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], 
cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-5953", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2020-5953", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", author: "NVD", 
availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.4, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 6.9, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2020-5953", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "High", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2020-5953", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-5953", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202202-121", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, { db: "CNNVD", id: "CNNVD-202202-121", }, ], }, 
description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. 
InsydeH2O UEFI There is an unspecified vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-5953", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001342", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-5953", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001342", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020305", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-121", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, { db: "CNNVD", id: "CNNVD-202202-121", }, ], }, id: "VAR-202202-0007", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T10:51:42.667000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "INSYDE-SA-2022017", trust: 0.8, url: "https://www.insyde.com/products", }, { title: "Insyde InsydeH2O Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180215", }, ], sources: [ { db: 
"JVNDB", id: "JVNDB-2022-001342", }, { db: "CNNVD", id: "CNNVD-202202-121", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Lack of information (CWE-noinfo) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220222-0005/", }, { trust: 1.6, url: "https://www.insyde.com/products", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-5953", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: 
"cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020305", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, { db: "CNNVD", id: "CNNVD-202202-121", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, { db: "CNNVD", id: "CNNVD-202202-121", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001342", }, { date: "2022-02-03T01:15:07.647000", db: "NVD", id: "CVE-2020-5953", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-121", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2022-001342", }, { date: "2022-04-12T18:17:18.710000", db: "NVD", id: "CVE-2020-5953", }, { date: "2022-03-10T00:00:00", db: "CNNVD", id: "CNNVD-202202-121", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-121", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202202-121", }, ], trust: 0.6, }, }
var-202202-0009
Vulnerability from variot
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows a caller to supply SMRAM, MMIO, or OS kernel addresses as the buffer. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).
Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1
CVE-2020-27339 Affected
CVE-2020-5953 Affected
CVE-2021-33625 Affected
CVE-2021-33626 Affected
CVE-2021-33627 Affected
CVE-2021-41837 Affected
CVE-2021-41838 Affected
CVE-2021-41839 Affected
CVE-2021-41840 Affected
CVE-2021-41841 Affected
CVE-2021-42059 Affected
CVE-2021-42060 Not Affected
CVE-2021-42113 Affected
CVE-2021-42554 Affected
CVE-2021-43323 Affected
CVE-2021-43522 Affected
CVE-2021-43615 Not Affected
CVE-2021-45969 Not Affected
CVE-2021-45970 Not Affected
CVE-2021-45971 Not Affected
CVE-2022-24030 Not Affected
CVE-2022-24031 Not Affected
CVE-2022-24069 Not Affected
CVE-2022-28806 Unknown.
Insyde InsydeH2O is vulnerable to a buffer error. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0009", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.29", }, { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc227g", 
scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.0", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.29", }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.29", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.08.29", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": 
"@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.08.29", versionStartIncluding: "5.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.29", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.29", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.29", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], 
cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { 
cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-33627", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-33627", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-33627", impactScore: null, 
integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.5, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 8.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-33627", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-33627", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202202-115", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "CNNVD", id: "CNNVD-202202-115", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. 
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-33627", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001344", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-33627", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001344", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020316", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-115", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: 
"JVNDB-2022-001344", }, { db: "CNNVD", id: "CNNVD-202202-115", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, id: "VAR-202202-0009", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2024-07-23T19:45:56.033000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180209", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "CNNVD", id: "CNNVD-202202-115", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1, }, { problemtype: "Buffer error (CWE-119) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220222-0002/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022022", }, { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { 
trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33627", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020316", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "CNNVD", id: "CNNVD-202202-115", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "CNNVD", id: "CNNVD-202202-115", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, sources_release_date: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001344", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-115", }, { date: "2022-02-03T02:15:06.983000", db: "NVD", id: "CVE-2021-33627", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2022-001344", }, { date: "2022-03-03T00:00:00", db: "CNNVD", id: "CNNVD-202202-115", }, { date: "2024-07-22T17:15:02.883000", db: "NVD", id: "CVE-2021-33627", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-115", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-115", }, ], trust: 0.6, }, }
var-202202-0102
Vulnerability from variot
An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).

Vulnerability Category / Count:
SMM Privilege Escalation: 10
SMM Memory Corruption: 12
DXE Memory Corruption: 1

CVE-2020-27339 Affected
CVE-2020-5953 Affected
CVE-2021-33625 Affected
CVE-2021-33626 Affected
CVE-2021-33627 Affected
CVE-2021-41837 Affected
CVE-2021-41838 Affected
CVE-2021-41839 Affected
CVE-2021-41840 Affected
CVE-2021-41841 Affected
CVE-2021-42059 Affected
CVE-2021-42060 Not Affected
CVE-2021-42113 Affected
CVE-2021-42554 Affected
CVE-2021-43323 Affected
CVE-2021-43522 Affected
CVE-2021-43615 Not Affected
CVE-2021-45969 Not Affected
CVE-2021-45970 Not Affected
CVE-2021-45971 Not Affected
CVE-2022-24030 Not Affected
CVE-2022-24031 Not Affected
CVE-2022-24069 Not Affected
CVE-2022-28806 Unknown

Insyde InsydeH2O is vulnerable to a buffer error. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0102", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc627e", 
scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.42", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.42", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.42", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.51.42", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.5", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.43.42", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: 
"JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.42", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.42", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.42", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.43.42", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.51.42", versionStartIncluding: "5.5", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: 
[], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { 
cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-41838", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-41838", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, 
userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-41838", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.5, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 8.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-41838", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-41838", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202202-112", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, { db: "CNNVD", id: "CNNVD-202202-112", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde 
InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. 
Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-41838", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001346", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-41838", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001346", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020315", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-112", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, { db: "CNNVD", id: "CNNVD-202202-112", }, ], }, id: "VAR-202202-0102", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:19:40.640000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=184451", }, ], 
sources: [ { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "CNNVD", id: "CNNVD-202202-112", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1, }, { problemtype: "Buffer error (CWE-119) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220222-0001/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022023", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-41838", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, 
{ trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020315", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, { db: "CNNVD", id: "CNNVD-202202-112", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, { db: "CNNVD", id: "CNNVD-202202-112", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001346", }, { date: "2022-02-03T02:15:07.080000", db: "NVD", id: "CVE-2021-41838", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-112", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2022-001346", }, { date: "2022-03-01T19:42:25.170000", db: "NVD", id: "CVE-2021-41838", }, { date: "2022-03-10T00:00:00", db: "CNNVD", id: "CNNVD-202202-112", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-112", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-112", }, ], trust: 0.6, }, }
var-202202-0108
Vulnerability from variot
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. The NVD CVSS 3.1 vector in the record below (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, base score 8.2) describes a local attacker who already holds high privileges. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).

Vulnerability category counts:
SMM Privilege Escalation: 10
SMM Memory Corruption: 12
DXE Memory Corruption: 1

Status by CVE:
CVE-2020-27339 Affected
CVE-2020-5953 Affected
CVE-2021-33625 Affected
CVE-2021-33626 Affected
CVE-2021-33627 Affected
CVE-2021-41837 Affected
CVE-2021-41838 Affected
CVE-2021-41839 Affected
CVE-2021-41840 Affected
CVE-2021-41841 Affected
CVE-2021-42059 Affected
CVE-2021-42060 Not Affected
CVE-2021-42113 Affected
CVE-2021-42554 Affected
CVE-2021-43323 Affected
CVE-2021-43522 Affected
CVE-2021-43615 Not Affected
CVE-2021-45969 Not Affected
CVE-2021-45970 Not Affected
CVE-2021-45971 Not Affected
CVE-2022-24030 Not Affected
CVE-2022-24031 Not Affected
CVE-2022-24069 Not Affected
CVE-2022-28806 Unknown

Insyde InsydeH2O is vulnerable to a buffer error. Information may be obtained, information may be tampered with, and the system may be put into a denial-of-service (DoS) state.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0108", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.08.41", }, { model: "simatic field pg m5", 
scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.0", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.41", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.41", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.43.41", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.41", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.5", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.51.41", }, { model: "insydeh2o", scope: null, trust: 0.8, 
vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.08.41", versionStartIncluding: "5.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.41", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.41", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.41", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.43.41", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.51.41", versionStartIncluding: "5.5", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { 
children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], 
cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-41837", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-41837", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: 
[ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-41837", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.5, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 8.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-41837", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-41837", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202202-113", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: 
"JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, { db: "CNNVD", id: "CNNVD-202202-113", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. 
Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-41837", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001345", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-41837", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001345", trust: 0.8, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CS-HELP", id: "SB2022020314", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-113", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, { db: "CNNVD", id: "CNNVD-202202-113", }, ], }, id: "VAR-202202-0108", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:25:14.275000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=181526", }, ], 
sources: [ { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "CNNVD", id: "CNNVD-202202-113", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1, }, { problemtype: "Buffer error (CWE-119) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220222-0003/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022024", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-41837", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, 
{ trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020314", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, { db: "CNNVD", id: "CNNVD-202202-113", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, { db: "CNNVD", id: "CNNVD-202202-113", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001345", }, { date: "2022-02-03T02:15:07.033000", db: "NVD", id: "CVE-2021-41837", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-113", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2022-001345", }, { date: "2022-03-01T19:43:28.793000", db: "NVD", id: "CVE-2021-41837", }, { date: "2022-03-10T00:00:00", db: "CNNVD", id: "CNNVD-202202-113", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-113", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-113", }, ], trust: 0.6, }, }
var-202202-0147
Vulnerability from variot
An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).

Vulnerability category counts:
SMM Privilege Escalation: 10
SMM Memory Corruption: 12
DXE Memory Corruption: 1

Status by CVE:
CVE-2020-27339 Affected
CVE-2020-5953 Affected
CVE-2021-33625 Affected
CVE-2021-33626 Affected
CVE-2021-33627 Affected
CVE-2021-41837 Affected
CVE-2021-41838 Affected
CVE-2021-41839 Affected
CVE-2021-41840 Affected
CVE-2021-41841 Affected
CVE-2021-42059 Affected
CVE-2021-42060 Not Affected
CVE-2021-42113 Affected
CVE-2021-42554 Affected
CVE-2021-43323 Affected
CVE-2021-43522 Affected
CVE-2021-43615 Not Affected
CVE-2021-45969 Not Affected
CVE-2021-45970 Not Affected
CVE-2021-45971 Not Affected
CVE-2022-24030 Not Affected
CVE-2022-24031 Not Affected
CVE-2022-24069 Not Affected
CVE-2022-28806 Unknown

Insyde InsydeH2O Kernel is vulnerable to an out-of-bounds write. Information may be obtained, information may be tampered with, and the system may be put into a denial-of-service (DoS) state.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0147", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc627e", 
scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.0", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "ruggedcom ape1808", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.08.42", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.42", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.42", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.42", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.50.51", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.42.51", }, { model: "insydeh2o", scope: "gte", trust: 
1, vendor: "insyde", version: "5.5", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.08.42", versionStartIncluding: "5.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.42", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.42", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.42", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.42.51", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.50.51", versionStartIncluding: "5.5", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: 
"OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], 
cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: 
true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-42554", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-42554", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-42554", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.5, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: 
null, id: "CVE-2021-42554", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-42554", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-42554", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202202-107", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, { db: "CNNVD", id: "CNNVD-202202-107", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Kernel Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-42554", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001353", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-42554", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001353", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020318", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-107", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", 
id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, { db: "CNNVD", id: "CNNVD-202202-107", }, ], }, id: "VAR-202202-0147", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:07:31.315000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185270", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "CNNVD", id: "CNNVD-202202-107", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220216-0007/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.6, url: 
"https://www.insyde.com/security-pledge/sa-2022012", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42554", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020318", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, { db: "CNNVD", id: "CNNVD-202202-107", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, { db: "CNNVD", id: "CNNVD-202202-107", }, ], }, 
sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001353", }, { date: "2022-02-03T02:15:07.380000", db: "NVD", id: "CVE-2021-42554", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-107", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:08:00", db: "JVNDB", id: "JVNDB-2022-001353", }, { date: "2022-03-08T20:18:59.047000", db: "NVD", id: "CVE-2021-42554", }, { date: "2022-03-09T00:00:00", db: "CNNVD", id: "CNNVD-202202-107", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-107", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-107", }, ], trust: 0.6, }, }
var-202106-0358
Vulnerability from variot
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).
Vulnerability category counts:
SMM Privilege Escalation: 10
SMM Memory Corruption: 12
DXE Memory Corruption: 1
Per-CVE status: CVE-2020-27339 Affected; CVE-2020-5953 Affected; CVE-2021-33625 Affected; CVE-2021-33626 Affected; CVE-2021-33627 Affected; CVE-2021-41837 Affected; CVE-2021-41838 Affected; CVE-2021-41839 Affected; CVE-2021-41840 Affected; CVE-2021-41841 Affected; CVE-2021-42059 Affected; CVE-2021-42060 Not Affected; CVE-2021-42113 Affected; CVE-2021-42554 Affected; CVE-2021-43323 Affected; CVE-2021-43522 Affected; CVE-2021-43615 Not Affected; CVE-2021-45969 Not Affected; CVE-2021-45970 Not Affected; CVE-2021-45971 Not Affected; CVE-2022-24030 Not Affected; CVE-2022-24031 Not Affected; CVE-2022-24069 Not Affected; CVE-2022-28806 Unknown.
Insyde InsydeH2O contains a privilege management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0358", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.25.44", }, { model: "insydeh2o", scope: 
"gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.25", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.43.25", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "ruggedcom apr1808", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.25", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.25", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.34.44", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.42.44", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e 
pro", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.34.44", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.25.44", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.25", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.42.44", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.25", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.25", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.43.25", 
versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:ruggedcom_apr1808_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:ruggedcom_apr1808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: 
"NVD", id: "CVE-2020-27339", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2020-27339", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2020-27339", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: 
"AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 6.7, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2020-27339", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-27339", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202106-1324", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, { db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). 
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-27339", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2021-007558", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-27339", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2021-007558", trust: 0.8, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202106-1324", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: 
"CVE-2020-27339", }, { db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, id: "VAR-202106-0358", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:38:07.442000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "INSYDE-SA-2021001", trust: 0.8, url: "https://www.insyde.com/security-pledge/sa-2021001", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007558", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1, }, { problemtype: "Improper authority management (CWE-269) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220216-0005/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2021001", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { 
trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2020-27339", }, { trust: 0.6, url: "https://www.insyde.com/products", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, { db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, { db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2021-007558", }, { date: "2021-06-16T16:15:07.897000", db: "NVD", id: "CVE-2020-27339", }, { date: 
"2021-06-16T00:00:00", db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2021-007558", }, { date: "2022-07-12T17:42:04.277000", db: "NVD", id: "CVE-2020-27339", }, { date: "2022-07-14T00:00:00", db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202106-1324", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-202106-1324", }, ], trust: 0.6, }, }
var-202202-0037
Vulnerability from variot
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).
Vulnerability category counts: SMM Privilege Escalation 10; SMM Memory Corruption 12; DXE Memory Corruption 1.
Per-CVE status as listed in this entry: CVE-2020-27339 Affected; CVE-2020-5953 Affected; CVE-2021-33625 Affected; CVE-2021-33626 Affected; CVE-2021-33627 Affected; CVE-2021-41837 Affected; CVE-2021-41838 Affected; CVE-2021-41839 Affected; CVE-2021-41840 Affected; CVE-2021-41841 Affected; CVE-2021-42059 Affected; CVE-2021-42060 Not Affected; CVE-2021-42113 Affected; CVE-2021-42554 Affected; CVE-2021-43323 Affected; CVE-2021-43522 Affected; CVE-2021-43615 Not Affected; CVE-2021-45969 Not Affected; CVE-2021-45970 Not Affected; CVE-2021-45971 Not Affected; CVE-2022-24030 Not Affected; CVE-2022-24031 Not Affected; CVE-2022-24069 Not Affected; CVE-2022-28806 Unknown.
Insyde InsydeH2O is vulnerable to a buffer error. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
Version note: the configuration data in this record marks InsydeH2O as vulnerable from 5.1 up to but excluding 5.16.23, from 5.2 up to 5.26.23, from 5.3 up to 5.35.23, from 5.4 up to 5.43.22, and from 5.5 up to 5.51.22. These ranges appear to be per kernel branch, so a firmware build should be checked against the bound for its own branch rather than by plain numeric comparison.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0037", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "simatic ipc647e", 
scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.23", }, { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "fas\\/aff bios", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.51.22", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.23", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "ruggedcom ape1808", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.23", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e pro", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.5", }, { model: 
"insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.43.22", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.23", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.23", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.23", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.43.22", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.51.22", versionStartIncluding: "5.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netapp:fas\\/aff_bios:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], 
cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: 
"AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], 
operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-33625", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 
2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-33625", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.4, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 6.9, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-33625", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, impactScore: 6, integrityImpact: "HIGH", 
privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "High", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-33625", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-33625", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202202-117", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, { db: "CNNVD", id: "CNNVD-202202-117", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. 
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-33625", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001343", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-33625", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001343", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020319", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-117", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: 
"JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, { db: "CNNVD", id: "CNNVD-202202-117", }, ], }, id: "VAR-202202-0037", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T10:53:47.586000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180211", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "CNNVD", id: "CNNVD-202202-117", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1, }, { problemtype: "Buffer error (CWE-119) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220222-0004/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022014", }, { 
trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33625", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020319", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, { db: "CNNVD", id: "CNNVD-202202-117", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, { db: "CNNVD", id: "CNNVD-202202-117", }, ], }, sources_release_date: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001343", }, { date: "2022-02-03T02:15:06.930000", db: "NVD", id: "CVE-2021-33625", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-117", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2022-001343", }, { date: "2022-04-12T18:17:23.980000", db: "NVD", id: "CVE-2021-33625", }, { date: "2022-03-03T00:00:00", db: "CNNVD", id: "CNNVD-202202-117", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-117", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-117", }, ], trust: 0.6, }, }
var-202011-1387
Vulnerability from variot
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) CSME and TXE contain a privilege management vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1387", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "converged security and manageability engine", scope: "lt", trust: 1, vendor: "intel", version: "11.22.80", }, { model: "simatic ipc427e", scope: "lt", trust: 1, vendor: "siemens", version: "27.01.05", }, { model: "simatic et200sp 1515sp pc2", scope: "lt", trust: 1, vendor: 
"siemens", version: "0209.0105", }, { model: "sinumerik 840d sl ht 10", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "sinumerik 828d hw pu.4", scope: "lt", trust: 1, vendor: "siemens", version: "08.00.00.00", }, { model: "converged security and manageability engine", scope: "lt", trust: 1, vendor: "intel", version: "14.0.45", }, { model: "simatic ipc527g", scope: "lt", trust: 1, vendor: "siemens", version: "1.4.0", }, { model: "simatic ipc627e", scope: "lt", trust: 1, vendor: "siemens", version: "25.02.08", }, { model: "simatic ipc847e", scope: "lt", trust: 1, vendor: "siemens", version: "25.02.08", }, { model: "simatic ipc647e", scope: "lt", trust: 1, vendor: "siemens", version: "25.02.08", }, { model: "simatic ipc667e", scope: "lt", trust: 1, vendor: "siemens", version: "25.02.08", }, { model: "converged security and manageability engine", scope: "gte", trust: 1, vendor: "intel", version: "12.0", }, { model: "simatic ipc127e", scope: "lt", trust: 1, vendor: "siemens", version: "27.01.05", }, { model: "simatic itp1000", scope: "lt", trust: 1, vendor: "siemens", version: "23.01.08", }, { model: "simatic drive controller", scope: "lt", trust: 1, vendor: "siemens", version: "05.00.01.00", }, { model: "converged security and manageability engine", scope: "lt", trust: 1, vendor: "intel", version: "11.8.80", }, { model: "converged security and manageability engine", scope: "gte", trust: 1, vendor: "intel", version: "14.5.0", }, { model: "converged security and manageability engine", scope: "lt", trust: 1, vendor: "intel", version: "14.5.25", }, { model: "sinumerik mc mcu 1720", scope: "lt", trust: 1, vendor: "siemens", version: "05.00.00.00", }, { model: "sinumerik one", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "sinumerik one ncu 1740", scope: "lt", trust: 1, vendor: "siemens", version: "04.00.00.00", }, { model: "trusted execution technology", scope: "lt", trust: 1, vendor: "intel", version: "4.0.30", }, { model: 
"trusted execution technology", scope: "gte", trust: 1, vendor: "intel", version: "4.0", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "converged security and manageability engine", scope: "gte", trust: 1, vendor: "intel", version: "14.0", }, { model: "sinumerik one ppu 1740", scope: "lt", trust: 1, vendor: "siemens", version: "06.00.00.00", }, { model: "converged security and manageability engine", scope: "lt", trust: 1, vendor: "intel", version: "11.12.80", }, { model: "simatic ipc477e", scope: "lt", trust: 1, vendor: "siemens", version: "27.01.05", }, { model: "simatic ipc547g", scope: "lt", trust: 1, vendor: "siemens", version: "r1.30.0", }, { model: "simatic field pg m5", scope: "lt", trust: 1, vendor: "siemens", version: "22.01.08", }, { model: "converged security and manageability engine", scope: "gte", trust: 1, vendor: "intel", version: "11.22.0", }, { model: "trusted execution technology", scope: "lt", trust: 1, vendor: "intel", version: "3.1.80", }, { model: "converged security and manageability engine", scope: "lt", trust: 1, vendor: "intel", version: "12.0.70", }, { model: "converged security and manageability engine", scope: "gte", trust: 1, vendor: "intel", version: "11.12.0", }, { model: "trusted execution technology", scope: null, trust: 0.8, vendor: "インテル", version: null, }, { model: "intel csme", scope: null, trust: 0.8, vendor: "インテル", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-013418", }, { db: "NVD", id: "CVE-2020-8745", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemen reported these vulnerabilities to CISA.", sources: [ { db: "CNNVD", id: "CNNVD-201911-1653", }, ], trust: 0.6, }, cve: "CVE-2020-8745", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2020-8745", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.9, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "VHN-186870", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "PHYSICAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2020-8745", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Physical", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2020-8745", impactScore: null, 
integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-8745", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2020-8745", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201911-1653", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-186870", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-8745", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-186870", }, { db: "VULMON", id: "CVE-2020-8745", }, { db: "JVNDB", id: "JVNDB-2020-013418", }, { db: "CNNVD", id: "CNNVD-201911-1653", }, { db: "NVD", id: "CVE-2020-8745", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 
Intel(R) CSME and TXE Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-8745", }, { db: "JVNDB", id: "JVNDB-2020-013418", }, { db: "VULHUB", id: "VHN-186870", }, { db: "VULMON", id: "CVE-2020-8745", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-8745", trust: 2.6, }, { db: "SIEMENS", id: "SSA-678983", trust: 1.8, }, { db: "JVN", id: "JVNVU91051134", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-013418", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-22-132-05", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2020.3958.2", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.3958", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2022.2355", trust: 0.6, }, { db: "LENOVO", id: "LEN-39432", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201911-1653", trust: 0.6, }, { db: "VULHUB", id: "VHN-186870", trust: 0.1, }, { db: "VULMON", id: "CVE-2020-8745", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-186870", }, { db: "VULMON", id: "CVE-2020-8745", }, { db: "JVNDB", id: "JVNDB-2020-013418", }, { db: "CNNVD", id: "CNNVD-201911-1653", }, { db: "NVD", id: "CVE-2020-8745", }, ], }, id: "VAR-202011-1387", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-186870", }, ], trust: 0.77708335, }, last_update_date: "2024-11-23T21:18:20.183000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, 
data: [ { title: "INTEL-SA-00391", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html", }, { title: "Intel TXE Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=134975", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0bfef52a44075162940391ee650c313e", }, { title: "HP: HPSBHF03703 rev. 1 - Intel® 2020.2 IPU - CSME, SPS, TXE, AMT, and DAL Security Update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03703", }, { title: "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03703 rev. 4 - Intel® 2020.2 IPU - CSME, SPS, TXE, AMT, and DAL Security Update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=c2cb4814b580012b6267520bd227e8ae", }, { title: "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03703 rev. 4 - Intel® 2020.2 IPU - CSME, SPS, TXE, AMT, and DAL Security Update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=f5eb680d1c7e445b4a8fdf769d4117b0", }, ], sources: [ { db: "VULMON", id: "CVE-2020-8745", }, { db: "JVNDB", id: "JVNDB-2020-013418", }, { db: "CNNVD", id: "CNNVD-201911-1653", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Improper authority management (CWE-269) [NVD Evaluation ]", trust: 0.8, }, { problemtype: "CWE-269", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-186870", }, { db: "JVNDB", id: "JVNDB-2020-013418", }, { db: "NVD", id: "CVE-2020-8745", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf", }, { trust: 1.8, url: "https://security.netapp.com/advisory/ntap-20201113-0002/", }, { trust: 1.8, url: "https://security.netapp.com/advisory/ntap-20201113-0005/", }, { trust: 1.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8745", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu91051134/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3958/", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-05", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3958.2/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.2355", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-39432", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-05", }, { trust: 0.1, url: "https://support.hp.com/us-en/document/c06962103", }, ], sources: [ { db: "VULHUB", id: "VHN-186870", }, { db: "VULMON", id: "CVE-2020-8745", }, { db: "JVNDB", id: "JVNDB-2020-013418", }, { db: "CNNVD", id: "CNNVD-201911-1653", }, { db: "NVD", id: "CVE-2020-8745", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-186870", }, { db: "VULMON", id: "CVE-2020-8745", }, { db: "JVNDB", id: "JVNDB-2020-013418", }, { db: "CNNVD", id: "CNNVD-201911-1653", }, { db: "NVD", id: "CVE-2020-8745", }, ], }, sources_release_date: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-11-12T00:00:00", db: "VULHUB", id: "VHN-186870", }, { date: "2020-11-12T00:00:00", db: "VULMON", id: "CVE-2020-8745", }, { date: "2021-07-02T00:00:00", db: "JVNDB", id: "JVNDB-2020-013418", }, { date: "2019-11-10T00:00:00", db: "CNNVD", id: "CNNVD-201911-1653", }, { date: "2020-11-12T18:15:17.300000", db: "NVD", id: "CVE-2020-8745", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-14T00:00:00", db: "VULHUB", id: "VHN-186870", }, { date: "2021-07-21T00:00:00", db: "VULMON", id: "CVE-2020-8745", }, { date: "2021-07-02T04:36:00", db: "JVNDB", id: "JVNDB-2020-013418", }, { date: "2022-10-17T00:00:00", db: "CNNVD", id: "CNNVD-201911-1653", }, { date: "2024-11-21T05:39:22.207000", db: "NVD", id: "CVE-2020-8745", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Intel(R) CSME and TXE Vulnerability in privilege management", sources: [ { db: "JVNDB", id: "JVNDB-2020-013418", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-201911-1653", }, ], trust: 0.6, }, }
var-202110-0264
Vulnerability from variot
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).

Vulnerability Category: Count
SMM Privilege Escalation: 10
SMM Memory Corruption: 12
DXE Memory Corruption: 1

CVE-2020-27339 Affected; CVE-2020-5953 Affected; CVE-2021-33625 Affected; CVE-2021-33626 Affected; CVE-2021-33627 Affected; CVE-2021-41837 Affected; CVE-2021-41838 Affected; CVE-2021-41839 Affected; CVE-2021-41840 Affected; CVE-2021-41841 Affected; CVE-2021-42059 Affected; CVE-2021-42060 Not Affected; CVE-2021-42113 Affected; CVE-2021-42554 Affected; CVE-2021-43323 Affected; CVE-2021-43522 Affected; CVE-2021-43615 Not Affected; CVE-2021-45969 Not Affected; CVE-2021-45970 Not Affected; CVE-2021-45971 Not Affected; CVE-2022-24030 Not Affected; CVE-2022-24031 Not Affected; CVE-2022-24069 Not Affected; CVE-2022-28806 Unknown.

InsydeH2O includes a vulnerability in incorporating functionality from an untrusted control area. Information may be obtained or tampered with, and service may be disrupted (DoS). In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the PnpSmm, SmmResourceCheckDxe, and BeepStatusCode drivers are 05.08.23, 05.16.23, 05.26.23, 05.35.23, 05.43.23, and 05.51.23 (for Kernel 5.0 up to and including 5.5)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0264", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.25.44", }, { model: "insydeh2o", scope: 
"gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.25", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.43.25", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "ruggedcom apr1808", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.25", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.25", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.34.44", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.42.44", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e 
pro", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.34.44", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.25.44", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.25", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.42.44", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.25", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.25", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.43.25", 
versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:ruggedcom_apr1808_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:ruggedcom_apr1808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: 
"NVD", id: "CVE-2021-33626", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-33626", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-33626", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: 
"AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-33626", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-33626", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202109-2000", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, { db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. 
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM). Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1\nCVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. InsydeH2O contains a vulnerability involving the inclusion of functionality from an untrusted control sphere (CWE-829). Information may be obtained or tampered with, and service may be disrupted (DoS). In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. 
The fixed versions for this issue in the PnpSmm, SmmResourceCheckDxe, and BeepStatusCode drivers are 05.08.23, 05.16.23, 05.26.23, 05.35.23, 05.43.23, and 05.51.23 (for Kernel 5.0 up to and including 5.5)", sources: [ { db: "NVD", id: "CVE-2021-33626", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "VULMON", id: "CVE-2021-33626", }, ], trust: 2.43, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-33626", trust: 4.1, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2021-007559", trust: 0.8, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202109-2000", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-33626", trust: 0.1, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "VULMON", id: "CVE-2021-33626", }, { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, { db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, id: "VAR-202110-0264", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:10:01.956000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, ], sources: [ 
{ db: "JVNDB", id: "JVNDB-2021-007559", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-829", trust: 1, }, { problemtype: "Incorporating features from untrusted control areas (CWE-829) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://www.insyde.com/security-pledge/sa-2021001", }, { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220216-0006/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33626", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, 
url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "VULMON", id: "CVE-2021-33626", }, { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, { db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "VULMON", id: "CVE-2021-33626", }, { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, { db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2021-10-01T00:00:00", db: "VULMON", id: "CVE-2021-33626", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2021-007559", }, { date: "2021-10-01T03:15:06.593000", db: "NVD", id: "CVE-2021-33626", }, { date: "2021-09-30T00:00:00", db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2021-10-01T00:00:00", db: "VULMON", id: "CVE-2021-33626", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2021-007559", }, { date: "2022-04-24T02:03:42.070000", db: "NVD", id: "CVE-2021-33626", }, { date: 
"2022-03-10T00:00:00", db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202109-2000", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202109-2000", }, ], trust: 0.6, }, }
var-202202-0129
Vulnerability from variot
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads to arbitrary code execution in the UEFI DisplayTypeDxe DXE driver. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).
Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1
Per-CVE status as listed in the aggregated advisory text:
CVE-2020-27339 Affected
CVE-2020-5953 Affected
CVE-2021-33625 Affected
CVE-2021-33626 Affected
CVE-2021-33627 Affected
CVE-2021-41837 Affected
CVE-2021-41838 Affected
CVE-2021-41839 Affected
CVE-2021-41840 Affected
CVE-2021-41841 Affected
CVE-2021-42059 Affected
CVE-2021-42060 Not Affected
CVE-2021-42113 Affected
CVE-2021-42554 Affected
CVE-2021-43323 Affected
CVE-2021-43522 Affected
CVE-2021-43615 Not Affected
CVE-2021-45969 Not Affected
CVE-2021-45970 Not Affected
CVE-2021-45971 Not Affected
CVE-2022-24030 Not Affected
CVE-2022-24031 Not Affected
CVE-2022-24069 Not Affected
CVE-2022-28806 Unknown
Insyde InsydeH2O Kernel is vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and service may be disrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0129", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.08.41", }, { model: "simatic field pg m5", 
scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.0", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.41", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.41", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.42.20", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.41", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: 
"JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.08.41", versionStartIncluding: "5.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.41", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.41", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.41", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.42.20", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: 
[], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { 
cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-42059", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-42059", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, 
userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-42059", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 6.7, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-42059", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-42059", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202202-110", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, { db: "CNNVD", id: "CNNVD-202202-110", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 
05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads to arbitrary code execution in UEFI DisplayTypeDxe DXE driver. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM). Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1\nCVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. 
Insyde InsydeH2O Kernel Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-42059", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001350", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-42059", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001350", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020322", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-110", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, { db: "CNNVD", id: "CNNVD-202202-110", }, ], }, id: "VAR-202202-0129", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:01:11.077000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: 
"http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180204", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "CNNVD", id: "CNNVD-202202-110", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220216-0008/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022006", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42059", }, { trust: 1, url: "https://www.insyde.com/security-pledge", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 
0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020322", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, { db: "CNNVD", id: "CNNVD-202202-110", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, { db: "CNNVD", id: "CNNVD-202202-110", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001350", }, { date: "2022-02-03T02:15:07.250000", db: "NVD", id: "CVE-2021-42059", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-110", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:08:00", db: "JVNDB", id: "JVNDB-2022-001350", }, { date: "2022-04-18T18:02:45.103000", db: "NVD", id: "CVE-2021-42059", }, { date: "2022-03-03T00:00:00", db: "CNNVD", id: "CNNVD-202202-110", }, ], }, threat_type: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-110", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-110", }, ], trust: 0.6, }, }
var-202106-0345
Vulnerability from variot
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel processors are Intel Corporation's CPUs, which interpret computer instructions and process data for software. An unauthorized attacker could exploit the vulnerability to obtain sensitive information from the affected components (the CVSS v3.1 vector recorded for this entry, AV:L/PR:L, describes a local attacker who already holds low privileges).
For the stable distribution (buster), these problems have been fixed in version 3.20210608.2~deb10u1.
Note that there are two reported regressions: for some CoffeeLake CPUs this update may break iwlwifi (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56), and for some Skylake R0/D0 CPUs on systems using a very outdated firmware/BIOS, the system may hang on boot (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31).
If you are affected by those issues, you can recover by disabling microcode loading on boot (as documented in README.Debian (also available online at https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/README.Debian))
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDXan0ACgkQEMKTtsN8
Tja9aQ//f1dHsEghQsedGnkMCIa2qLi12UFtb4yW7TYV6uwloqbYZMbymvoXYOAB
haasn+yCaGUkXuAHxcGvZuN41EkRhdG4LfS5qoZxPMsw84ETjpV2Ohwhuqwf9P20
9pqV1QLjVPCMiCqvHatkzyRNPtRhIh0uCRx5HtIeOEyKTwhVnUJrrljUXCzMDviD
3As0n0yVUPDIcJdaVxp5mxyebf1NyIYMR+7wmzTBOhK6i+rEE4NkKGkcsYBIM1ch
AdTQNHv78QZld6ixL8iCUe1NsSugZ2QjbVL1BLW45fJv3f0BIF5uo6LBzbiJlN/6
xWwOdFTfqW1ORyr0k6JQ+yKz3oSE+jfUStwf+zegWOjYes5gGaA/nATzzNwwFfCQ
qDqMmnN26qMI3MswP50ESkNs2JTK3955cIJjnscp5DeFArDuCFKh9wcqSZ46/QCE
GVRi+F/Dh3JQxv/jP8jfLhCvkBptuendGo9qK5v22QoeCRoHS16dLu7HHP34hRrw
k//EgtP35pD9eTNiIsxhmx3qTPD0gbQbcMG/5NTVtpNqsffAxYtqTy8+/4lfPkNn
AYtYrrG6tjEHe1gasLkjthB7c0YLzPLdNyZkNIk6XZ2YIhx18N80c7gTBERSJ1Sh
9lmsnX3+5GWM7Fx2NN2vL5xIEo0einMJCyTlNMRDLim2ix1vpZg=
=RVf2
-----END PGP SIGNATURE-----
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: microcode_ctl security, bug fix and enhancement update
Advisory ID: RHSA-2021:2301-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2301
Issue date: 2021-06-08
CVE Names: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513
====================================================================
1. Summary:
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64
3. Description:
The microcode_ctl packages provide microcode updates for Intel.
Security Fix(es):
* hw: vt-d related privilege escalation (CVE-2020-24489)
* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)
* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)
* hw: information disclosure on some Intel Atom processors (CVE-2020-24513)
Bug Fix(es) and Enhancement(s):
* Update Intel CPU microcode to microcode-20210525 release
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors
1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors
1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: microcode_ctl-2.1-22.39.el7_4.src.rpm
x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source: microcode_ctl-2.1-22.39.el7_4.src.rpm
x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source: microcode_ctl-2.1-22.39.el7_4.src.rpm
x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-24489
https://access.redhat.com/security/cve/CVE-2020-24511
https://access.redhat.com/security/cve/CVE-2020-24512
https://access.redhat.com/security/cve/CVE-2020-24513
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYMAhZtzjgjWX9erEAQgacA/8CSb4gKvVxCL/UEvQ8fD+Fuk7bVgGXgdl
zfHALQmqxEvgcquECA1+0gVaALewsTbv0jYGt8ar3LXlNfdYvJyTZIkkTU7QPZX4
noIGXIk9Ljn6HDzNVq4+SzQGFhsy+eCyj0ksgLD1pYvSXZhMhIFoNs88qbn4vohF
NWbr/79PFDN5Z8OD6eZ62dQuU0EBgR2/zQGhqEp2A5AIGyCpoGkeMjQbcEr8MTYw
re11SdeDWdXudlgn6lCeVm1NB8/oaCRih7VTaNzHMTihyG2fS6Vfy9Tf1PcXXrZT
8r21wAISxES7QfMCxBB3jnlq+/3QYFG/dYLDZ8EDwa6ZCXyFRHirUQP6vrk9TG5k
xVPIFH/QUwcWFaquGbvtpllAgn1tcSohpzMzDPqLIFSO031A1Xdn6JaYaUi9unO7
wOUS5MMYTJtXjQJ/lBjMFFCEMzGZ1VY74wwdHmyoBW9eA6DnfjTHsnhTpWvLbuHw
fM0+/amC1YdZkMOmKWeSNkB0ESISQw6d7/pgT1px/ZyEktGtlnvOcybPpqVVFnnT
3llMAz6CW3UL59MvAvPk9dXKSeJBfsXVVQq21VVuNi/KHSE9tsYQnBgiVizDbrru
npkQK4e+JU/GxTuioDK4/QrC89S9ZTvHcfiTFhpDt8DNxJdkmjjNi87m1UWfS1rL
3CqP9OqPU7Q=cruI
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0345", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "atom c3950", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3308", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3958", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3350", scope: "eq", trust: 1, 
vendor: "intel", version: null, }, { model: "core i3-l13g4", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3708", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver n5000", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "p5921b", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j3455", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j4105", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x5-a3930", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "p5931b", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "p5962b", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n4200", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3336", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3350e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4100", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver j5040", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3508", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3558", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium j6425", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n6415", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver n5030", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3558rc", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x6425e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j6413", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n6211", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "simatic et 200sp open controller", 
scope: "lt", trust: 1, vendor: "siemens", version: "0209_0105", }, { model: "celeron j3355e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium j4205", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom p5942b", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x5-a3940", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3758", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3450", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x5-a3960", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "10.0", }, { model: "atom c3858", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x6427fe", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3338r", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3750", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3850", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "simatic ipc127e", scope: "lt", trust: 1, vendor: "siemens", version: "21.01.07", }, { model: "atom x6211e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-l16g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x6212re", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j4005", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3758r", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3808", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4000", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3538", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x5-a3950", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom 
c3436l", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x6413e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "9.0", }, { model: "celeron n4020", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j3455e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver j5005", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "simatic drive controller", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "atom x6200fe", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j4125", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3955", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4120", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n4200e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3558r", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j3355", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j4025", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3338", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x6425re", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom c3830", scope: "eq", trust: 1, vendor: "intel", version: null, }, ], sources: [ { db: "NVD", id: "CVE-2020-24513", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens reported these vulnerabilities to CISA.", sources: [ { db: "CNNVD", id: "CNNVD-202106-632", }, ], trust: 0.6, }, cve: "CVE-2020-24513", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2020-24513", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1.1, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "VHN-178399", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2, id: "CVE-2020-24513", impactScore: 4, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-24513", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202106-632", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-178399", trust: 0.1, value: "LOW", }, { author: "VULMON", id: 
"CVE-2020-24513", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-178399", }, { db: "VULMON", id: "CVE-2020-24513", }, { db: "CNNVD", id: "CNNVD-202106-632", }, { db: "NVD", id: "CVE-2020-24513", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel Processors (Intel processors) are Intel Corporation's processors that interpret computer instructions and process data in computer software. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 3.20210608.2~deb10u1. \n\nNote that there are two reported regressions; for some CoffeeLake CPUs\nthis update may break iwlwifi\n(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56)\nand some for Skylake R0/D0 CPUs on systems using a very outdated firmware/BIOS,\nthe system may hang on boot:\n(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31)\n\nIf you are affected by those issues, you can recover by disabling microcode\nloading on boot (as documented in README.Debian (also available online at\nhttps://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/README.Debian))\n\nWe recommend that you upgrade your intel-microcode packages. 
\n\nFor the detailed security status of intel-microcode please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDXan0ACgkQEMKTtsN8\nTja9aQ//f1dHsEghQsedGnkMCIa2qLi12UFtb4yW7TYV6uwloqbYZMbymvoXYOAB\nhaasn+yCaGUkXuAHxcGvZuN41EkRhdG4LfS5qoZxPMsw84ETjpV2Ohwhuqwf9P20\n9pqV1QLjVPCMiCqvHatkzyRNPtRhIh0uCRx5HtIeOEyKTwhVnUJrrljUXCzMDviD\n3As0n0yVUPDIcJdaVxp5mxyebf1NyIYMR+7wmzTBOhK6i+rEE4NkKGkcsYBIM1ch\nAdTQNHv78QZld6ixL8iCUe1NsSugZ2QjbVL1BLW45fJv3f0BIF5uo6LBzbiJlN/6\nxWwOdFTfqW1ORyr0k6JQ+yKz3oSE+jfUStwf+zegWOjYes5gGaA/nATzzNwwFfCQ\nqDqMmnN26qMI3MswP50ESkNs2JTK3955cIJjnscp5DeFArDuCFKh9wcqSZ46/QCE\nGVRi+F/Dh3JQxv/jP8jfLhCvkBptuendGo9qK5v22QoeCRoHS16dLu7HHP34hRrw\nk//EgtP35pD9eTNiIsxhmx3qTPD0gbQbcMG/5NTVtpNqsffAxYtqTy8+/4lfPkNn\nAYtYrrG6tjEHe1gasLkjthB7c0YLzPLdNyZkNIk6XZ2YIhx18N80c7gTBERSJ1Sh\n9lmsnX3+5GWM7Fx2NN2vL5xIEo0einMJCyTlNMRDLim2ix1vpZg=\n=RVf2\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: microcode_ctl security, bug fix and enhancement update\nAdvisory ID: RHSA-2021:2301-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2301\nIssue date: 2021-06-08\nCVE Names: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512\n CVE-2020-24513\n====================================================================\n1. Summary:\n\nAn update for microcode_ctl is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. 
A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.4) - x86_64\n\n3. Description:\n\nThe microcode_ctl packages provide microcode updates for Intel. \n\nSecurity Fix(es):\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\n* hw: information disclosure on some Intel Atom processors (CVE-2020-24513)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20210525 release\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1962650 - CVE-2020-24489 hw: vt-d related privilege escalation\n1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors\n1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors\n1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nmicrocode_ctl-2.1-22.39.el7_4.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-22.39.el7_4.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.4):\n\nSource:\nmicrocode_ctl-2.1-22.39.el7_4.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-22.39.el7_4.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 
7.4):\n\nSource:\nmicrocode_ctl-2.1-22.39.el7_4.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-22.39.el7_4.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-24489\nhttps://access.redhat.com/security/cve/CVE-2020-24511\nhttps://access.redhat.com/security/cve/CVE-2020-24512\nhttps://access.redhat.com/security/cve/CVE-2020-24513\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMAhZtzjgjWX9erEAQgacA/8CSb4gKvVxCL/UEvQ8fD+Fuk7bVgGXgdl\nzfHALQmqxEvgcquECA1+0gVaALewsTbv0jYGt8ar3LXlNfdYvJyTZIkkTU7QPZX4\nnoIGXIk9Ljn6HDzNVq4+SzQGFhsy+eCyj0ksgLD1pYvSXZhMhIFoNs88qbn4vohF\nNWbr/79PFDN5Z8OD6eZ62dQuU0EBgR2/zQGhqEp2A5AIGyCpoGkeMjQbcEr8MTYw\nre11SdeDWdXudlgn6lCeVm1NB8/oaCRih7VTaNzHMTihyG2fS6Vfy9Tf1PcXXrZT\n8r21wAISxES7QfMCxBB3jnlq+/3QYFG/dYLDZ8EDwa6ZCXyFRHirUQP6vrk9TG5k\nxVPIFH/QUwcWFaquGbvtpllAgn1tcSohpzMzDPqLIFSO031A1Xdn6JaYaUi9unO7\nwOUS5MMYTJtXjQJ/lBjMFFCEMzGZ1VY74wwdHmyoBW9eA6DnfjTHsnhTpWvLbuHw\nfM0+/amC1YdZkMOmKWeSNkB0ESISQw6d7/pgT1px/ZyEktGtlnvOcybPpqVVFnnT\n3llMAz6CW3UL59MvAvPk9dXKSeJBfsXVVQq21VVuNi/KHSE9tsYQnBgiVizDbrru\nnpkQK4e+JU/GxTuioDK4/QrC89S9ZTvHcfiTFhpDt8DNxJdkmjjNi87m1UWfS1rL\n3CqP9OqPU7Q=cruI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", sources: [ { db: "NVD", id: "CVE-2020-24513", }, { db: "VULHUB", id: "VHN-178399", }, { db: "VULMON", id: "CVE-2020-24513", }, { db: "PACKETSTORM", id: "169079", }, { db: "PACKETSTORM", id: "163032", }, { db: "PACKETSTORM", 
id: "163037", }, { db: "PACKETSTORM", id: "163042", }, { db: "PACKETSTORM", id: "163043", }, { db: "PACKETSTORM", id: "163044", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-24513", trust: 2.4, }, { db: "SIEMENS", id: "SSA-309571", trust: 1.7, }, { db: "PACKETSTORM", id: "163031", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2021.4047", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.2537", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.1996", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.2088", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.2258", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.2243", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3443", trust: 0.6, }, { db: "CS-HELP", id: "SB2021062128", trust: 0.6, }, { db: "CS-HELP", id: "SB2021062701", trust: 0.6, }, { db: "CS-HELP", id: "SB2021081109", trust: 0.6, }, { db: "ICS CERT", id: "ICSA-21-222-05", trust: 0.6, }, { db: "LENOVO", id: "LEN-62742", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202106-632", trust: 0.6, }, { db: "PACKETSTORM", id: "163037", trust: 0.2, }, { db: "PACKETSTORM", id: "163044", trust: 0.2, }, { db: "PACKETSTORM", id: "163042", trust: 0.2, }, { db: "PACKETSTORM", id: "163043", trust: 0.2, }, { db: "PACKETSTORM", id: "163032", trust: 0.2, }, { db: "PACKETSTORM", id: "163047", trust: 0.1, }, { db: "PACKETSTORM", id: "163040", trust: 0.1, }, { db: "PACKETSTORM", id: "163048", trust: 0.1, }, { db: "PACKETSTORM", id: "163036", trust: 0.1, }, { db: "PACKETSTORM", id: "163046", trust: 0.1, }, { db: "VULHUB", id: "VHN-178399", trust: 0.1, }, { db: "VULMON", id: "CVE-2020-24513", trust: 0.1, }, { db: "PACKETSTORM", id: "169079", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-178399", }, { db: "VULMON", id: "CVE-2020-24513", }, { db: "PACKETSTORM", id: "169079", 
}, { db: "PACKETSTORM", id: "163032", }, { db: "PACKETSTORM", id: "163037", }, { db: "PACKETSTORM", id: "163042", }, { db: "PACKETSTORM", id: "163043", }, { db: "PACKETSTORM", id: "163044", }, { db: "CNNVD", id: "CNNVD-202106-632", }, { db: "NVD", id: "CVE-2020-24513", }, ], }, id: "VAR-202106-0345", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-178399", }, ], trust: 0.7111111, }, last_update_date: "2024-11-29T22:09:51.805000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Intel Atom Processors Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155259", }, { title: "Red Hat: CVE-2020-24513", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2020-24513", }, { title: "Debian CVElist Bug Report Logs: intel-microcode: CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVE-2021-24489 (INTEL-SA-00464, INTEL-SA-00465, INTEL-SA-00442)", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5d902b5a89823da316827bef43ff1012", }, { title: "Debian Security Advisories: DSA-4934-1 intel-microcode -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=4ad7d48e75ab61a8e061047171de2577", }, { title: "Arch Linux Issues: ", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-24513 log", }, { title: "Arch Linux Advisories: [ASA-202106-34] intel-ucode: multiple issues", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-34", }, { title: "Siemens 
Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=240e27e5c8fba28153598a375a2a4130", }, ], sources: [ { db: "VULMON", id: "CVE-2020-24513", }, { db: "CNNVD", id: "CNNVD-202106-632", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2020-24513", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://www.debian.org/security/2021/dsa-4934", }, { trust: 1.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html", }, { trust: 1.8, url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html", }, { trust: 1.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", }, { trust: 1.2, url: "https://access.redhat.com/security/cve/cve-2020-24513", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-24511", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-24512", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-24513", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-24489", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/163031/red-hat-security-advisory-2021-2299-01.html", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021081109", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-62742", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/6501139", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.2537", }, { trust: 0.6, url: 
"https://www.auscert.org.au/bulletins/esb-2021.1996", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/6520482", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.2243", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.2088", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.2258", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021062128", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021062701", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3443", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.4047", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/intel-atom-processor-information-disclosure-via-domain-bypass-transient-execution-35665", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-05", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2020-24511", }, { trust: 0.5, url: "https://listman.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.5, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.5, url: "https://access.redhat.com/articles/11258", }, { trust: 0.5, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2020-24489", }, { trust: 0.5, url: "https://bugzilla.redhat.com/):", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2020-24512", }, { trust: 0.5, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/readme.debian))", }, { trust: 0.1, url: "https://github.com/intel/intel-linux-processor-microcode-data-files/issues/56)", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: 
"https://github.com/intel/intel-linux-processor-microcode-data-files/issues/31)", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://security-tracker.debian.org/tracker/intel-microcode", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2302", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2306", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2308", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2301", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2304", }, ], sources: [ { db: "VULHUB", id: "VHN-178399", }, { db: "VULMON", id: "CVE-2020-24513", }, { db: "PACKETSTORM", id: "169079", }, { db: "PACKETSTORM", id: "163032", }, { db: "PACKETSTORM", id: "163037", }, { db: "PACKETSTORM", id: "163042", }, { db: "PACKETSTORM", id: "163043", }, { db: "PACKETSTORM", id: "163044", }, { db: "CNNVD", id: "CNNVD-202106-632", }, { db: "NVD", id: "CVE-2020-24513", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-178399", }, { db: "VULMON", id: "CVE-2020-24513", }, { db: "PACKETSTORM", id: "169079", }, { db: "PACKETSTORM", id: "163032", }, { db: "PACKETSTORM", id: "163037", }, { db: "PACKETSTORM", id: "163042", }, { db: "PACKETSTORM", id: "163043", }, { db: "PACKETSTORM", id: "163044", }, { db: "CNNVD", id: "CNNVD-202106-632", }, { db: "NVD", id: "CVE-2020-24513", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-06-09T00:00:00", db: "VULHUB", id: "VHN-178399", }, { date: "2021-06-09T00:00:00", db: "VULMON", id: "CVE-2020-24513", }, { date: "2021-06-28T19:12:00", db: "PACKETSTORM", id: "169079", }, { date: "2021-06-09T13:26:50", db: "PACKETSTORM", id: "163032", }, { date: "2021-06-09T13:28:17", db: "PACKETSTORM", id: "163037", }, { 
date: "2021-06-09T13:40:32", db: "PACKETSTORM", id: "163042", }, { date: "2021-06-09T13:40:40", db: "PACKETSTORM", id: "163043", }, { date: "2021-06-09T13:40:48", db: "PACKETSTORM", id: "163044", }, { date: "2021-06-08T00:00:00", db: "CNNVD", id: "CNNVD-202106-632", }, { date: "2021-06-09T19:15:08.963000", db: "NVD", id: "CVE-2020-24513", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-22T00:00:00", db: "VULHUB", id: "VHN-178399", }, { date: "2021-08-10T00:00:00", db: "VULMON", id: "CVE-2020-24513", }, { date: "2022-04-24T00:00:00", db: "CNNVD", id: "CNNVD-202106-632", }, { date: "2022-04-22T16:20:19.347000", db: "NVD", id: "CVE-2020-24513", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202106-632", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Intel Processors Information disclosure vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202106-632", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202106-632", }, ], trust: 0.6, }, }
cve-2024-56181
Vulnerability from cvelistv5
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-56181", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:06:38.581942Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:06:50.557Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC Field PG M5", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-21A", vendor: "Siemens", versions: [ { lessThan: "V31.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-32A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-39A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-59A", vendor: "Siemens", versions: [ { lessThan: "V32.01.04", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-32A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-39A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-39A PRO", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC RC-543B", vendor: 
"Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC RW-543A", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC127E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC227E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC227G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277G PRO", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC3000 SMART V3", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC327G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC347G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC377G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { 
defaultStatus: "unknown", product: "SIMATIC IPC427E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC477E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC477E PRO", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC527G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC627E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC647E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC677E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC847E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ITP1000", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions 
< V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicating with the flash controller.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693: Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:03.703Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-216014.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-56181", datePublished: "2025-03-11T09:48:03.703Z", dateReserved: "2024-12-18T12:06:43.292Z", dateUpdated: 
"2025-03-11T14:06:50.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-56182
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
Siemens | SIMATIC Field PG M5 | Version: 0 < *
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-56182", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:03:47.493714Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:05:53.276Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC Field PG M5", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC Field PG M6", vendor: "Siemens", versions: [ { lessThan: "V26.01.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-21A", vendor: "Siemens", versions: [ { lessThan: "V31.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-32A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-39A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-59A", vendor: "Siemens", versions: [ { lessThan: "V32.01.04", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-32A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-39A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-39A PRO", vendor: 
"Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC RC-543B", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC RW-543A", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC127E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC227E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC227G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277G PRO", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC3000 SMART V3", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC327G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC347G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, 
], }, { defaultStatus: "unknown", product: "SIMATIC IPC377G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC427E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC477E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC477E PRO", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC527G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC627E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC647E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC677E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC847E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ITP1000", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), 
SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. 
This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicating with the flash controller.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693: Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:05.319Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-216014.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-56182", datePublished: "2025-03-11T09:48:05.319Z", dateReserved: "2024-12-18T12:06:43.292Z", dateUpdated: "2025-03-11T14:05:53.276Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }