Vulnerabilites related to Siemens - SIMATIC IPC327G
var-202202-0007
Vulnerability from variot
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. InsydeH2O UEFI There is an unspecified vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0007", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.34.03.0029", }, { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.33.15.0034", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.23.04.0045", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "ruggedcom ape1808", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.42.03.0010", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e pro", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.23.45.0023", }, { model: "insydeh2o", scope: "eq", trust: 1, vendor: "insyde", version: "5.12.09.0074", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.12.09.0074:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.23.04.0045:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.23.45.0023:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.33.15.0034:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.34.03.0029:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:5.42.03.0010:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-5953", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2020-5953", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.4, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 6.9, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2020-5953", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "High", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2020-5953", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-5953", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202202-121", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, { db: "CNNVD", id: "CNNVD-202202-121", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. InsydeH2O UEFI There is an unspecified vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-5953", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001342", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-5953", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001342", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020305", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-121", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, { db: "CNNVD", id: "CNNVD-202202-121", }, ], }, id: "VAR-202202-0007", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T10:51:42.667000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "INSYDE-SA-2022017", trust: 0.8, url: "https://www.insyde.com/products", }, { title: "Insyde InsydeH2O Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180215", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "CNNVD", id: "CNNVD-202202-121", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Lack of information (CWE-noinfo) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220222-0005/", }, { trust: 1.6, url: "https://www.insyde.com/products", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-5953", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020305", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, { db: "CNNVD", id: "CNNVD-202202-121", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001342", }, { db: "NVD", id: "CVE-2020-5953", }, { db: "CNNVD", id: "CNNVD-202202-121", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001342", }, { date: "2022-02-03T01:15:07.647000", db: "NVD", id: "CVE-2020-5953", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-121", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2022-001342", }, { date: "2022-04-12T18:17:18.710000", db: "NVD", id: "CVE-2020-5953", }, { date: "2022-03-10T00:00:00", db: "CNNVD", id: "CNNVD-202202-121", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-121", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202202-121", }, ], trust: 0.6, }, }
var-202202-0009
Vulnerability from variot
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0009", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.29", }, { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.0", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.29", }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.29", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.08.29", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.08.29", versionStartIncluding: "5.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.29", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.29", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.29", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-33627", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-33627", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-33627", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.5, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 8.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-33627", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-33627", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202202-115", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "CNNVD", id: "CNNVD-202202-115", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-33627", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001344", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-33627", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001344", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020316", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-115", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "CNNVD", id: "CNNVD-202202-115", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, id: "VAR-202202-0009", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2024-07-23T19:45:56.033000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180209", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "CNNVD", id: "CNNVD-202202-115", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1, }, { problemtype: "Buffer error (CWE-119) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220222-0002/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022022", }, { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33627", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020316", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "CNNVD", id: "CNNVD-202202-115", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001344", }, { db: "CNNVD", id: "CNNVD-202202-115", }, { db: "NVD", id: "CVE-2021-33627", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001344", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-115", }, { date: "2022-02-03T02:15:06.983000", db: "NVD", id: "CVE-2021-33627", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2022-001344", }, { date: "2022-03-03T00:00:00", db: "CNNVD", id: "CNNVD-202202-115", }, { date: "2024-07-22T17:15:02.883000", db: "NVD", id: "CVE-2021-33627", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-115", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-115", }, ], trust: 0.6, }, }
var-202202-0102
Vulnerability from variot
An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0102", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.42", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.42", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.42", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.51.42", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.5", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.43.42", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.42", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.42", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.42", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.43.42", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.51.42", versionStartIncluding: "5.5", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-41838", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-41838", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-41838", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.5, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 8.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-41838", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-41838", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202202-112", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, { db: "CNNVD", id: "CNNVD-202202-112", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-41838", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001346", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-41838", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001346", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020315", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-112", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, { db: "CNNVD", id: "CNNVD-202202-112", }, ], }, id: "VAR-202202-0102", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:19:40.640000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=184451", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "CNNVD", id: "CNNVD-202202-112", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1, }, { problemtype: "Buffer error (CWE-119) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220222-0001/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022023", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-41838", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020315", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, { db: "CNNVD", id: "CNNVD-202202-112", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001346", }, { db: "NVD", id: "CVE-2021-41838", }, { db: "CNNVD", id: "CNNVD-202202-112", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001346", }, { date: "2022-02-03T02:15:07.080000", db: "NVD", id: "CVE-2021-41838", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-112", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2022-001346", }, { date: "2022-03-01T19:42:25.170000", db: "NVD", id: "CVE-2021-41838", }, { date: "2022-03-10T00:00:00", db: "CNNVD", id: "CNNVD-202202-112", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-112", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-112", }, ], trust: 0.6, }, }
var-202202-0108
Vulnerability from variot
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0108", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.08.41", }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.0", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.41", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.41", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.43.41", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.41", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.5", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.51.41", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.08.41", versionStartIncluding: "5.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.41", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.41", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.41", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.43.41", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.51.41", versionStartIncluding: "5.5", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-41837", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-41837", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-41837", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.5, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 8.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-41837", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-41837", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202202-113", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, { db: "CNNVD", id: "CNNVD-202202-113", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-41837", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001345", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-41837", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001345", trust: 0.8, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CS-HELP", id: "SB2022020314", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-113", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, { db: "CNNVD", id: "CNNVD-202202-113", }, ], }, id: "VAR-202202-0108", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:25:14.275000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=181526", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "CNNVD", id: "CNNVD-202202-113", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1, }, { problemtype: "Buffer error (CWE-119) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220222-0003/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022024", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-41837", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020314", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, { db: "CNNVD", id: "CNNVD-202202-113", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001345", }, { db: "NVD", id: "CVE-2021-41837", }, { db: "CNNVD", id: "CNNVD-202202-113", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001345", }, { date: "2022-02-03T02:15:07.033000", db: "NVD", id: "CVE-2021-41837", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-113", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2022-001345", }, { date: "2022-03-01T19:43:28.793000", db: "NVD", id: "CVE-2021-41837", }, { date: "2022-03-10T00:00:00", db: "CNNVD", id: "CNNVD-202202-113", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-113", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-113", }, ], trust: 0.6, }, }
var-202202-0147
Vulnerability from variot
An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Kernel Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0147", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.0", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "ruggedcom ape1808", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.08.42", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.42", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.42", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.42", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.50.51", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.42.51", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.5", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.08.42", versionStartIncluding: "5.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.42", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.42", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.42", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.42.51", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.50.51", versionStartIncluding: "5.5", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-42554", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-42554", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-42554", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.5, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-42554", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-42554", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-42554", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202202-107", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, { db: "CNNVD", id: "CNNVD-202202-107", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Kernel Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-42554", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001353", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-42554", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001353", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020318", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-107", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, { db: "CNNVD", id: "CNNVD-202202-107", }, ], }, id: "VAR-202202-0147", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:07:31.315000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185270", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "CNNVD", id: "CNNVD-202202-107", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220216-0007/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022012", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42554", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020318", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, { db: "CNNVD", id: "CNNVD-202202-107", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001353", }, { db: "NVD", id: "CVE-2021-42554", }, { db: "CNNVD", id: "CNNVD-202202-107", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001353", }, { date: "2022-02-03T02:15:07.380000", db: "NVD", id: "CVE-2021-42554", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-107", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:08:00", db: "JVNDB", id: "JVNDB-2022-001353", }, { date: "2022-03-08T20:18:59.047000", db: "NVD", id: "CVE-2021-42554", }, { date: "2022-03-09T00:00:00", db: "CNNVD", id: "CNNVD-202202-107", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-107", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-107", }, ], trust: 0.6, }, }
var-202106-0358
Vulnerability from variot
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0358", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.25.44", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.25", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.43.25", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "ruggedcom apr1808", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.25", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.25", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.34.44", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.42.44", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e pro", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.34.44", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.25.44", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.25", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.42.44", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.25", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.25", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.43.25", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:ruggedcom_apr1808_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:ruggedcom_apr1808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-27339", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2020-27339", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2020-27339", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 6.7, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2020-27339", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-27339", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202106-1324", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, { db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-27339", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2021-007558", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-27339", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2021-007558", trust: 0.8, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202106-1324", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, { db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, id: "VAR-202106-0358", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:38:07.442000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "INSYDE-SA-2021001", trust: 0.8, url: "https://www.insyde.com/security-pledge/sa-2021001", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007558", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1, }, { problemtype: "Improper authority management (CWE-269) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220216-0005/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2021001", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2020-27339", }, { trust: 0.6, url: "https://www.insyde.com/products", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, { db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2021-007558", }, { db: "NVD", id: "CVE-2020-27339", }, { db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2021-007558", }, { date: "2021-06-16T16:15:07.897000", db: "NVD", id: "CVE-2020-27339", }, { date: "2021-06-16T00:00:00", db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2021-007558", }, { date: "2022-07-12T17:42:04.277000", db: "NVD", id: "CVE-2020-27339", }, { date: "2022-07-14T00:00:00", db: "CNNVD", id: "CNNVD-202106-1324", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202106-1324", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-202106-1324", }, ], trust: 0.6, }, }
var-202202-0037
Vulnerability from variot
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0037", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.23", }, { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "fas\\/aff bios", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.51.22", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.23", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "ruggedcom ape1808", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.23", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e pro", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.5", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.43.22", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.23", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.23", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.23", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.43.22", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.51.22", versionStartIncluding: "5.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netapp:fas\\/aff_bios:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-33625", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-33625", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.4, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 6.9, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-33625", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "High", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-33625", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-33625", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202202-117", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, { db: "CNNVD", id: "CNNVD-202202-117", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-33625", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001343", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-33625", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001343", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020319", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-117", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, { db: "CNNVD", id: "CNNVD-202202-117", }, ], }, id: "VAR-202202-0037", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T10:53:47.586000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180211", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "CNNVD", id: "CNNVD-202202-117", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1, }, { problemtype: "Buffer error (CWE-119) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220222-0004/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022014", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33625", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020319", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, { db: "CNNVD", id: "CNNVD-202202-117", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001343", }, { db: "NVD", id: "CVE-2021-33625", }, { db: "CNNVD", id: "CNNVD-202202-117", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001343", }, { date: "2022-02-03T02:15:06.930000", db: "NVD", id: "CVE-2021-33625", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-117", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2022-001343", }, { date: "2022-04-12T18:17:23.980000", db: "NVD", id: "CVE-2021-33625", }, { date: "2022-03-03T00:00:00", db: "CNNVD", id: "CNNVD-202202-117", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-117", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-117", }, ], trust: 0.6, }, }
var-202202-0129
Vulnerability from variot
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Kernel Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0129", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.08.41", }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.0", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.41", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.41", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.42.20", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.41", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.08.41", versionStartIncluding: "5.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.41", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.41", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.41", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.42.20", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-42059", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-42059", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-42059", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 6.7, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-42059", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-42059", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202202-110", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, { db: "CNNVD", id: "CNNVD-202202-110", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. Insyde InsydeH2O Kernel Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-42059", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001350", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-42059", trust: 4, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-001350", trust: 0.8, }, { db: "CS-HELP", id: "SB2022020322", trust: 0.6, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202202-110", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, { db: "CNNVD", id: "CNNVD-202202-110", }, ], }, id: "VAR-202202-0129", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:01:11.077000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, { title: "Insyde InsydeH2O Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180204", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "CNNVD", id: "CNNVD-202202-110", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220216-0008/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge/sa-2022006", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42059", }, { trust: 1, url: "https://www.insyde.com/security-pledge", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022020322", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, { db: "CNNVD", id: "CNNVD-202202-110", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2022-001350", }, { db: "NVD", id: "CVE-2021-42059", }, { db: "CNNVD", id: "CNNVD-202202-110", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2022-001350", }, { date: "2022-02-03T02:15:07.250000", db: "NVD", id: "CVE-2021-42059", }, { date: "2022-02-02T00:00:00", db: "CNNVD", id: "CNNVD-202202-110", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2022-02-28T07:08:00", db: "JVNDB", id: "JVNDB-2022-001350", }, { date: "2022-04-18T18:02:45.103000", db: "NVD", id: "CVE-2021-42059", }, { date: "2022-03-03T00:00:00", db: "CNNVD", id: "CNNVD-202202-110", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202202-110", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202202-110", }, ], trust: 0.6, }, }
var-202110-0264
Vulnerability from variot
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. InsydeH2O Includes a vulnerability in incorporating functionality from an untrusted control area.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the PnpSmm, SmmResourceCheckDxe, and BeepStatusCode drivers are 05.08.23, 05.16.23, 05.26.23, 05.35.23, 05.43.23, and 05.51.23 (for Kernel 5.0 up to and including 5.5)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0264", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic ipc377g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic itp1000", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.25.44", }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.2", }, { model: "simatic ipc647e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.35.25", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.43.25", }, { model: "simatic field pg m6", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "ruggedcom apr1808", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.4", }, { model: "simatic ipc627e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc847e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic field pg m5", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.1", }, { model: "simatic ipc677e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.26.25", }, { model: "simatic ipc227g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "gte", trust: 1, vendor: "insyde", version: "5.3", }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.16.25", }, { model: "simatic ipc427e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.34.44", }, { model: "simatic ipc327g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc127e", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: "lt", trust: 1, vendor: "insyde", version: "5.42.44", }, { model: "simatic ipc277g", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "simatic ipc477e pro", scope: "eq", trust: 1, vendor: "siemens", version: null, }, { model: "insydeh2o", scope: null, trust: 0.8, vendor: "insyde", version: null, }, { model: "insydeh2o", scope: "eq", trust: 0.8, vendor: "insyde", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.34.44", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.25.44", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.16.25", versionStartIncluding: "5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.42.44", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.35.25", versionStartIncluding: "5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.26.25", versionStartIncluding: "5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.43.25", versionStartIncluding: "5.4", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:ruggedcom_apr1808_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:ruggedcom_apr1808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-33626", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, cve: "CVE-2021-33626", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-33626", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-33626", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-33626", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202109-2000", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, { db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. InsydeH2O Includes a vulnerability in incorporating functionality from an untrusted control area.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the PnpSmm, SmmResourceCheckDxe, and BeepStatusCode drivers are 05.08.23, 05.16.23, 05.26.23, 05.35.23, 05.43.23, and 05.51.23 (for Kernel 5.0 up to and including 5.5)", sources: [ { db: "NVD", id: "CVE-2021-33626", }, { db: "CERT/CC", id: "VU#796611", }, { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "VULMON", id: "CVE-2021-33626", }, ], trust: 2.43, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-33626", trust: 4.1, }, { db: "SIEMENS", id: "SSA-306654", trust: 1.6, }, { db: "CERT/CC", id: "VU#796611", trust: 0.8, }, { db: "JVN", id: "JVNVU98748974", trust: 0.8, }, { db: "JVN", id: "JVNVU97136454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2021-007559", trust: 0.8, }, { db: "LENOVO", id: "LEN-73436", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202109-2000", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-33626", trust: 0.1, }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "VULMON", id: "CVE-2021-33626", }, { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, { db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, id: "VAR-202110-0264", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5, }, last_update_date: "2023-12-18T11:10:01.956000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Insyde's Security Pledge Security Advisory", trust: 0.8, url: "https://www.insyde.com/security-pledge", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007559", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-829", trust: 1, }, { problemtype: "Incorporating features from untrusted control areas (CWE-829) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://www.insyde.com/security-pledge/sa-2021001", }, { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20220216-0006/", }, { trust: 1.6, url: "https://www.insyde.com/security-pledge", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33626", }, { trust: 0.8, url: "cve-2020-27339 ", }, { trust: 0.8, url: "cve-2020-5953 ", }, { trust: 0.8, url: "cve-2021-33625 ", }, { trust: 0.8, url: "cve-2021-33626 ", }, { trust: 0.8, url: "cve-2021-33627 ", }, { trust: 0.8, url: "cve-2021-41837 ", }, { trust: 0.8, url: "cve-2021-41838 ", }, { trust: 0.8, url: "cve-2021-41839 ", }, { trust: 0.8, url: "cve-2021-41840 ", }, { trust: 0.8, url: "cve-2021-41841 ", }, { trust: 0.8, url: "cve-2021-42059 ", }, { trust: 0.8, url: "cve-2021-42060 ", }, { trust: 0.8, url: "cve-2021-42113 ", }, { trust: 0.8, url: "cve-2021-42554 ", }, { trust: 0.8, url: "cve-2021-43323 ", }, { trust: 0.8, url: "cve-2021-43522 ", }, { trust: 0.8, url: "cve-2021-43615 ", }, { trust: 0.8, url: "cve-2021-45969 ", }, { trust: 0.8, url: "cve-2021-45970 ", }, { trust: 0.8, url: "cve-2021-45971 ", }, { trust: 0.8, url: "cve-2022-24030 ", }, { trust: 0.8, url: "cve-2022-24031 ", }, { trust: 0.8, url: "cve-2022-24069 ", }, { trust: 0.8, url: "cve-2022-28806 ", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97136454/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98748974/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438", }, { trust: 0.6, url: "https://support.lenovo.com/us/en/product_security/len-73436", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CERT/CC", id: "VU#796611", }, { db: "VULMON", id: "CVE-2021-33626", }, { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, { db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#796611", }, { db: "VULMON", id: "CVE-2021-33626", }, { db: "JVNDB", id: "JVNDB-2021-007559", }, { db: "NVD", id: "CVE-2021-33626", }, { db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-01T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2021-10-01T00:00:00", db: "VULMON", id: "CVE-2021-33626", }, { date: "2022-02-17T00:00:00", db: "JVNDB", id: "JVNDB-2021-007559", }, { date: "2021-10-01T03:15:06.593000", db: "NVD", id: "CVE-2021-33626", }, { date: "2021-09-30T00:00:00", db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-26T00:00:00", db: "CERT/CC", id: "VU#796611", }, { date: "2021-10-01T00:00:00", db: "VULMON", id: "CVE-2021-33626", }, { date: "2022-02-28T07:09:00", db: "JVNDB", id: "JVNDB-2021-007559", }, { date: "2022-04-24T02:03:42.070000", db: "NVD", id: "CVE-2021-33626", }, { date: "2022-03-10T00:00:00", db: "CNNVD", id: "CNNVD-202109-2000", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202109-2000", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", sources: [ { db: "CERT/CC", id: "VU#796611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202109-2000", }, ], trust: 0.6, }, }
cve-2024-56181
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 14:06
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-56181", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:06:38.581942Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:06:50.557Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC Field PG M5", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-21A", vendor: "Siemens", versions: [ { lessThan: "V31.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-32A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-39A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-59A", vendor: "Siemens", versions: [ { lessThan: "V32.01.04", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-32A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-39A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-39A PRO", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC RC-543B", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC RW-543A", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC127E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC227E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC227G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277G PRO", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC3000 SMART V3", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC327G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC347G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC377G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC427E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC477E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC477E PRO", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC527G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC627E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC647E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC677E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC847E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ITP1000", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693: Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:03.703Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-216014.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-56181", datePublished: "2025-03-11T09:48:03.703Z", dateReserved: "2024-12-18T12:06:43.292Z", dateUpdated: "2025-03-11T14:06:50.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-56182
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 14:05
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| â–¼ | Siemens | SIMATIC Field PG M5 |
Version: 0 < * |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-56182", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:03:47.493714Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:05:53.276Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC Field PG M5", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC Field PG M6", vendor: "Siemens", versions: [ { lessThan: "V26.01.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-21A", vendor: "Siemens", versions: [ { lessThan: "V31.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-32A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-39A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-59A", vendor: "Siemens", versions: [ { lessThan: "V32.01.04", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-32A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-39A", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC PX-39A PRO", vendor: "Siemens", versions: [ { lessThan: "V29.01.07", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC RC-543B", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC RW-543A", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC127E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC227E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC227G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC277G PRO", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC3000 SMART V3", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC327G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC347G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC377G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC427E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC477E", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC477E PRO", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC527G", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC627E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC647E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC677E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC847E", vendor: "Siemens", versions: [ { lessThan: "V25.02.15", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ITP1000", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693: Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:05.319Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-216014.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-56182", datePublished: "2025-03-11T09:48:05.319Z", dateReserved: "2024-12-18T12:06:43.292Z", dateUpdated: "2025-03-11T14:05:53.276Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }