CVE-2021-33627
Vulnerability from cvelistv5
Source | URL | Tags
---|---|---
cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | Third Party Advisory
cve@mitre.org | https://security.netapp.com/advisory/ntap-20220222-0002/ | Third Party Advisory
cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory
cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022022 | Vendor Advisory
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:58:21.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.insyde.com/security-pledge" }, { "tags": [ "x_transferred" ], "url": "https://www.insyde.com/security-pledge/SA-2022022" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220222-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T16:50:10.835493", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.insyde.com/security-pledge" }, { "url": "https://www.insyde.com/security-pledge/SA-2022022" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf" }, { "url": "https://security.netapp.com/advisory/ntap-20220222-0002/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33627", "datePublished": "2022-02-03T01:30:36", "dateReserved": "2021-05-28T00:00:00", "dateUpdated": "2024-08-03T23:58:21.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-33627\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-02-03T02:15:06.983\",\"lastModified\":\"2024-07-22T17:15:02.883\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en InsydeH2O versi\u00f3n 5.x, que afecta a FwBlockServiceSmm. 
Los servicios SMI de software que utilizan la funci\u00f3n Communicate() del EFI_SMM_COMMUNICATION_PROTOCOL no comprueban si la direcci\u00f3n del b\u00fafer es v\u00e1lida, lo que permite el uso de direcciones SMRAM, MMIO o del n\u00facleo del SO\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.2},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndExcluding\":\"5.08.29\",\"matchCriteriaId\":\"95221F93-8BE6-47E3-BFB4-E7603C320F0D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1\",\"versionEndExcluding\":\"5.16.29\",\"matchCr
iteriaId\":\"D26CDAE4-0D04-4EB2-8A8C-CDEBDF8BA38C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndExcluding\":\"5.26.29\",\"matchCriteriaId\":\"E0546FD8-0648-46EB-893F-411F869077E5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3\",\"versionEndExcluding\":\"5.35.29\",\"matchCriteriaId\":\"89966555-5DD1-4C61-B3B2-7AF7AF7D24D9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"506DEE00-30D2-4E29-9645-757EB8778C0F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"324ADC7E-AECD-4B7D-8571-5399542C2BF6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F3C3E60-7C36-4F5D-B454-97C9D0FD9459\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"480C5657-5C05-40F5-B76A-E67119727ED8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AEB5AD1-3973-4150-BEA2-C9DE0B98222F\"}]}]},{\"ope
rator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D1E85AC-1305-4C5E-AD8B-39B2654F6057\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3F52F29-0ACF-4ECC-927A-0CB27399E5D9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"320F5752-86B3-4C08-89D0-02272753A6D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F203C449-2B5C-47A1-BF3D-8DCFD29F0B18\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC7303D1-CC95-42C7-B843-C3B3B3336669\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A37FB5EC-BB64-472C-81FC-8EEF238E3C12\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDD6F034-BC50-4223-AE5D-319F04C866A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45013BCA-3897-4D58-81FA-D8CB9D19268C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*\",\"matchCrite
riaId\":\"F6422BF3-01B7-443B-BD2B-80E45D7C3F5F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A40D0CDB-7BE6-491F-B730-3B4E10CA159A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"696F47E6-C1CA-4A58-A91F-4B3EA92954AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDF9D4C3-1892-48FA-95B4-835B636A4005\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F712060C-ECDB-4BC7-B9B9-468B41DE615B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D9AF082-8345-4BE1-B1FC-6E0316BB833B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D511C170-65E5-416D-B7CE-557A503F25AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E430C4C5-D887-47C6-B50F-66EEE9519151\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"577C19F5-82ED-46DF-91CC-A074DE99EBDD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*
:*\",\"matchCriteriaId\":\"5F9FA42D-B2F0-456F-89B7-6A5789787FBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF4592C-5DB3-45F4-B354-59701BBA0C08\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1157418C-14C4-43C4-B63E-7E98D868A94F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87F0538B-ED6E-40C7-9C2A-4C5DC3D2935E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"187C6D51-5B86-484D-AE0F-26D1C9465580\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220222-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.insyde.com/security-pledge\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.insyde.com/security-pledge/SA-2022022\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
gsd-2021-33627
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2021-33627", "description": "A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.", "id": "GSD-2021-33627" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-33627" ], "details": "An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses", "id": "GSD-2021-33627", "modified": "2023-12-13T01:23:18.602173Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33627", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. 
Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.insyde.com/security-pledge", "refsource": "MISC", "url": "https://www.insyde.com/security-pledge" }, { "name": "https://www.insyde.com/security-pledge/SA-2022022", "refsource": "MISC", "url": "https://www.insyde.com/security-pledge/SA-2022022" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf" }, { "name": "https://security.netapp.com/advisory/ntap-20220222-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220222-0002/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.08.29", "versionStartIncluding": "5.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.16.29", "versionStartIncluding": "5.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.26.29", "versionStartIncluding": "5.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.35.29", "versionStartIncluding": "5.3", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33627" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. 
Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.insyde.com/security-pledge", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://www.insyde.com/security-pledge" }, { "name": "https://www.insyde.com/security-pledge/SA-2022022", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://www.insyde.com/security-pledge/SA-2022022" }, { "name": "https://security.netapp.com/advisory/ntap-20220222-0002/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220222-0002/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" 
}, "exploitabilityScore": 1.5, "impactScore": 6.0 } }, "lastModifiedDate": "2022-03-01T19:53Z", "publishedDate": "2022-02-03T02:15Z" } } }
ssa-306654
Vulnerability from csaf_siemens
Notes
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)", "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Insyde has published information on vulnerabilities in Insyde BIOS in \nFebruary 2022. This advisory lists the Siemens Industrial products affected by these vulnerabilities.\nSiemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.", "title": "Summary" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). 
To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "productcert@siemens.com", "name": "Siemens ProductCERT", "namespace": "https://www.siemens.com" }, "references": [ { "category": "self", "summary": "SSA-306654: Insyde BIOS Vulnerabilities in Siemens Industrial Products - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-306654.html" }, { "category": "self", "summary": "SSA-306654: Insyde BIOS Vulnerabilities in Siemens Industrial Products - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-306654.json" }, { "category": "self", "summary": "SSA-306654: Insyde BIOS Vulnerabilities in Siemens Industrial Products - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf" }, { "category": "self", "summary": "SSA-306654: Insyde BIOS Vulnerabilities in Siemens Industrial Products - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-306654.txt" } ], "title": "SSA-306654: Insyde BIOS Vulnerabilities in Siemens Industrial Products", "tracking": { "current_release_date": "2023-11-14T00:00:00Z", "generator": { "engine": { "name": "Siemens ProductCERT CSAF Generator", "version": "1" } }, "id": "SSA-306654", "initial_release_date": "2022-02-22T00:00:00Z", "revision_history": [ { "date": "2022-02-22T00:00:00Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" }, { "date": "2022-03-08T00:00:00Z", "legacy_version": "1.1", "number": "2", "summary": "Corrected AV:L for all CVEs, added RUGGEDCOM APE1808 and SIMATIC IPC477E PRO" }, { 
"date": "2022-07-12T00:00:00Z", "legacy_version": "1.2", "number": "3", "summary": "Added CVE-2021-43613, CVE-2021-43614 and CVE-2021-38489, add fix for SIMATIC Field PG M6, SIMATIC ITP1000 for all CVEs except CVE-2021-43613" }, { "date": "2022-08-09T00:00:00Z", "legacy_version": "1.3", "number": "4", "summary": "Added fix for SIMATIC IPC227G, SIMATIC IPC277G, SIMATIC IPC327G, SIMATIC IPC377G, clarified affected versions for RUGGEDCOM APE1808" }, { "date": "2022-10-11T00:00:00Z", "legacy_version": "1.4", "number": "5", "summary": "Added partial fix for SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC477E Pro" }, { "date": "2023-02-14T00:00:00Z", "legacy_version": "1.5", "number": "6", "summary": "Added partial fix for SIMATIC IPC627E, SIMATIC IPC677E, SIMATIC IPC677E, and SIMATIC IPC847E" }, { "date": "2023-07-11T00:00:00Z", "legacy_version": "1.6", "number": "7", "summary": "Added fix SIMATIC Field PG M5" }, { "date": "2023-08-08T00:00:00Z", "legacy_version": "1.7", "number": "8", "summary": "Removed fix for SIMATIC Field PG M6 as fix version was withdrawn" }, { "date": "2023-11-14T00:00:00Z", "legacy_version": "1.8", "number": "9", "summary": "Added fix for SIMATIC IPC127E" } ], "status": "interim", "version": "9" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0)", "product_id": "1", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GL0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1)", "product_id": "2", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GL1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1)" 
}, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0)", "product_id": "3", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GK0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1)", "product_id": "4", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GK1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808 CLOUDCONNECT (6GK6015-0AL20-0GM0)", "product_id": "5", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GM0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808 CLOUDCONNECT (6GK6015-0AL20-0GM0)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808 CLOUDCONNECT CC (6GK6015-0AL20-0GM1)", "product_id": "6", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GM1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808 CLOUDCONNECT CC (6GK6015-0AL20-0GM1)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808 ELAN (6GK6015-0AL20-0GP0)", "product_id": "7", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GP0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808 ELAN (6GK6015-0AL20-0GP0)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808 ELAN CC (6GK6015-0AL20-0GP1)", 
"product_id": "8", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GP1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808 ELAN CC (6GK6015-0AL20-0GP1)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808 SAM-L (6GK6015-0AL20-0GN0)", "product_id": "9", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GN0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808 SAM-L (6GK6015-0AL20-0GN0)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808 SAM-L CC (6GK6015-0AL20-0GN1)", "product_id": "10", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GN1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808 SAM-L CC (6GK6015-0AL20-0GN1)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808CLA-P (6GK6015-0AL20-1AA0)", "product_id": "11", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-1AA0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808CLA-P (6GK6015-0AL20-1AA0)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808CLA-P CC (6GK6015-0AL20-1AA1)", "product_id": "12", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-1AA1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808CLA-P CC (6GK6015-0AL20-1AA1)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808CLA-S1 (6GK6015-0AL20-1AB0)", "product_id": "13", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-1AB0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808CLA-S1 (6GK6015-0AL20-1AB0)" }, 
{ "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808CLA-S1 CC (6GK6015-0AL20-1AB1)", "product_id": "14", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-1AB1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808CLA-S1 CC (6GK6015-0AL20-1AB1)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808CLA-S3 (6GK6015-0AL20-1AD0)", "product_id": "15", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-1AD0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808CLA-S3 (6GK6015-0AL20-1AD0)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808CLA-S3 CC (6GK6015-0AL20-1AD1)", "product_id": "16", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-1AD1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808CLA-S3 CC (6GK6015-0AL20-1AD1)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808CLA-S5 (6GK6015-0AL20-1AF0)", "product_id": "17", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-1AF0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808CLA-S5 (6GK6015-0AL20-1AF0)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808CLA-S5 CC (6GK6015-0AL20-1AF1)", "product_id": "18", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-1AF1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808CLA-S5 CC (6GK6015-0AL20-1AF1)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0)", "product_id": 
"19", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GH0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1)", "product_id": "20", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GH1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808W10 (6GK6015-0AL20-0GJ0)", "product_id": "21", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GJ0" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808W10 (6GK6015-0AL20-0GJ0)" }, { "branches": [ { "category": "product_version_range", "name": "All Versions \u003c V01.00.20_2N", "product": { "name": "RUGGEDCOM APE1808W10 CC (6GK6015-0AL20-0GJ1)", "product_id": "22", "product_identification_helper": { "model_numbers": [ "6GK6015-0AL20-0GJ1" ] } } } ], "category": "product_name", "name": "RUGGEDCOM APE1808W10 CC (6GK6015-0AL20-0GJ1)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV22.01.10", "product": { "name": "SIMATIC Field PG M5", "product_id": "23" } }, { "category": "product_version_range", "name": "V22.01.10", "product": { "name": "SIMATIC Field PG M5", "product_id": "24" } } ], "category": "product_name", "name": "SIMATIC Field PG M5" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SIMATIC Field PG M6", "product_id": "25" } } ], "category": "product_name", "name": "SIMATIC Field PG M6" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV27.01.09", "product": { "name": "SIMATIC IPC127E", "product_id": "26" } } ], "category": "product_name", "name": "SIMATIC IPC127E" 
}, { "branches": [ { "category": "product_version_range", "name": "\u003cV28.01.04", "product": { "name": "SIMATIC IPC227G", "product_id": "27" } } ], "category": "product_name", "name": "SIMATIC IPC227G" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV28.01.04", "product": { "name": "SIMATIC IPC277G", "product_id": "28" } } ], "category": "product_name", "name": "SIMATIC IPC277G" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV28.01.04", "product": { "name": "SIMATIC IPC327G", "product_id": "29" } } ], "category": "product_name", "name": "SIMATIC IPC327G" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV28.01.04", "product": { "name": "SIMATIC IPC377G", "product_id": "30" } } ], "category": "product_name", "name": "SIMATIC IPC377G" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV21.01.17", "product": { "name": "SIMATIC IPC427E", "product_id": "31" } }, { "category": "product_version_range", "name": "\u003e=V21.01.17", "product": { "name": "SIMATIC IPC427E", "product_id": "32" } } ], "category": "product_name", "name": "SIMATIC IPC427E" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV21.01.17", "product": { "name": "SIMATIC IPC477E", "product_id": "33" } }, { "category": "product_version_range", "name": "\u003e=V21.01.17", "product": { "name": "SIMATIC IPC477E", "product_id": "34" } } ], "category": "product_name", "name": "SIMATIC IPC477E" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV21.01.17", "product": { "name": "SIMATIC IPC477E Pro", "product_id": "35" } }, { "category": "product_version_range", "name": "\u003e=V21.01.17", "product": { "name": "SIMATIC IPC477E Pro", "product_id": "36" } } ], "category": "product_name", "name": "SIMATIC IPC477E Pro" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV25.02.12", "product": { "name": "SIMATIC IPC627E", "product_id": "37" } }, { 
"category": "product_version_range", "name": "\u003e=V25.02.12", "product": { "name": "SIMATIC IPC627E", "product_id": "38" } } ], "category": "product_name", "name": "SIMATIC IPC627E" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV25.02.12", "product": { "name": "SIMATIC IPC647E", "product_id": "39" } }, { "category": "product_version_range", "name": "\u003e=V25.02.12", "product": { "name": "SIMATIC IPC647E", "product_id": "40" } } ], "category": "product_name", "name": "SIMATIC IPC647E" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV25.02.12", "product": { "name": "SIMATIC IPC677E", "product_id": "41" } }, { "category": "product_version_range", "name": "\u003e=V25.02.12", "product": { "name": "SIMATIC IPC677E", "product_id": "42" } } ], "category": "product_name", "name": "SIMATIC IPC677E" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV25.02.12", "product": { "name": "SIMATIC IPC847E", "product_id": "43" } }, { "category": "product_version_range", "name": "\u003e=V25.02.12", "product": { "name": "SIMATIC IPC847E", "product_id": "44" } } ], "category": "product_name", "name": "SIMATIC IPC847E" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV23.01.10", "product": { "name": "SIMATIC ITP1000", "product_id": "45" } }, { "category": "product_version_range", "name": "\u003e=V23.01.10", "product": { "name": "SIMATIC ITP1000", "product_id": "46" } } ], "category": "product_name", "name": "SIMATIC ITP1000" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-5953", "cwe": { "id": "CWE-822", "name": "Untrusted Pointer Dereference" }, "notes": [ { "category": "summary", "text": "A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. 
This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": 
"https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2020-5953" }, { "cve": "CVE-2020-27339", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "notes": [ { "category": "summary", "text": "In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2020-27339" }, { "cve": "CVE-2021-33625", "cwe": { "id": "CWE-119", "name": "Improper Restriction 
of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "summary", "text": "An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 
or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-33625" }, { "cve": "CVE-2021-33626", "cwe": { "id": "CWE-829", "name": "Inclusion of Functionality from Untrusted Control Sphere" }, "notes": [ { "category": "summary", "text": "In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the PnpSmm, SmmResourceCheckDxe, and BeepStatusCode drivers are 05.08.23, 05.16.23, 05.26.23, 05.35.23, 05.43.23, and 05.51.23 (for Kernel 5.0 through 5.5).", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-33626" }, { "cve": "CVE-2021-33627", "cwe": { "id": "CWE-119", "name": "Improper Restriction 
of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "summary", "text": "An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or 
later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-33627" }, { "cve": "CVE-2021-38489", "cwe": { "id": "CWE-256", "name": "Plaintext Storage of a Password" }, "notes": [ { "category": "summary", "text": "An issue was discovered in the HddPasswordPei driver of the Insyde InsydeH2O 5.x. HDD password is stored in plaintext.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-38489" }, { "cve": "CVE-2021-41837", "cwe": { "id": "CWE-119", "name": "Improper Restriction 
of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "summary", "text": "An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update 
to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-41837" }, { "cve": "CVE-2021-41838", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "summary", "text": "An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-41838" }, { "cve": "CVE-2021-41839", "cwe": { "id": "CWE-476", "name": "NULL Pointer 
Dereference" }, "notes": [ { "category": "summary", "text": "An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", 
"product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-41839" }, { "cve": "CVE-2021-41840", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-41840" }, { "cve": "CVE-2021-41841", "cwe": { "id": "CWE-829", "name": "Inclusion of 
Functionality from Untrusted Control Sphere" }, "notes": [ { "category": "summary", "text": "An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later 
version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-41841" }, { "cve": "CVE-2021-42059", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads to arbitrary code execution in UEFI DisplayTypeDxe DXE driver.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-42059" }, { "cve": "CVE-2021-42060", "cwe": { "id": "CWE-20", "name": "Improper Input 
Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", 
"details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-42060" }, { "cve": "CVE-2021-42113", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-42113" }, { "cve": "CVE-2021-42554", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" 
}, "notes": [ { "category": "summary", "text": "An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": 
"https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-42554" }, { "cve": "CVE-2021-43323", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-43323" }, { "cve": "CVE-2021-43522", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" 
}, "notes": [ { "category": "summary", "text": "An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later 
version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-43522" }, { "cve": "CVE-2021-43613", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "summary", "text": "An issue was discovered in Insyde InsydeH2O 5.x, affecting SysPasswordDxe that exposes user and administrator password hashes in runtime UEFI variables, leading to escalation of privilege.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "45", "46" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "45", "46" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26", "32", "34", "36", "38", "40", "42", "44", "46" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V22.01.11 or later version", "product_ids": [ "24" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 5.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", 
"11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "45", "46" ] } ], "title": "CVE-2021-43613" }, { "cve": "CVE-2021-43614", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "Error in handling the PlatformLangCodes UEFI variable in the VariableEditSmm driver could cause a buffer overflow, leading to resource exhaustion and failure.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", 
"product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-43614" }, { "cve": "CVE-2021-43615", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-43615" }, { "cve": "CVE-2021-45969", "cwe": { "id": "CWE-120", "name": "Buffer Copy without 
Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "notes": [ { "category": "summary", "text": "An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location).", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": 
"https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-45969" }, { "cve": "CVE-2021-45970", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "notes": [ { "category": "summary", "text": "An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location).", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-45970" }, { "cve": "CVE-2021-45971", "cwe": { "id": "CWE-120", "name": "Buffer Copy without 
Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "notes": [ { "category": "summary", "text": "An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData).", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25", "26" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": 
"https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2021-45971" }, { "cve": "CVE-2022-24030", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. 
Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V27.01.09 or later version", "product_ids": [ "26" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", 
"29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2022-24030" }, { "cve": "CVE-2022-24031", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V27.01.09 or later version", "product_ids": [ "26" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": 
"https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2022-24031" }, { "cve": "CVE-2022-24069", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. An SMM callout vulnerability allows an attacker to hijack the execution flow of code running in System Management Mode. 
Exploiting this issue could lead to escalating privileges to SMM.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, "remediations": [ { "category": "mitigation", "details": "As a prerequisite for an attack, an attacker must be able to run\nuntrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] }, { "category": "none_available", "details": "Currently no fix is available", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "25" ] }, { "category": "vendor_fix", "details": "Update to V22.01.10 or later version", "product_ids": [ "23" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V27.01.09 or later version", "product_ids": [ "26" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update BIOS to V28.01.04 or later version", "product_ids": [ "27", "28", "29", "30" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V21.01.17 or later version", "product_ids": [ "31", "33", "35" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { "category": "vendor_fix", "details": "Update to V25.02.12 or later version", "product_ids": [ "37", "39", "41", "43" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" }, { 
"category": "vendor_fix", "details": "Update BIOS to V23.01.10 or later version", "product_ids": [ "45" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109763408/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "25", "26", "27", "28", "29", "30", "31", "33", "35", "37", "39", "41", "43", "45" ] } ], "title": "CVE-2022-24069" } ] }
var-202202-0009
Vulnerability from variot
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).

Vulnerability Category | Count
---|---
SMM Privilege Escalation | 10
SMM Memory Corruption | 12
DXE Memory Corruption | 1

CVE-2020-27339 Affected
CVE-2020-5953 Affected
CVE-2021-33625 Affected
CVE-2021-33626 Affected
CVE-2021-33627 Affected
CVE-2021-41837 Affected
CVE-2021-41838 Affected
CVE-2021-41839 Affected
CVE-2021-41840 Affected
CVE-2021-41841 Affected
CVE-2021-42059 Affected
CVE-2021-42060 Not Affected
CVE-2021-42113 Affected
CVE-2021-42554 Affected
CVE-2021-43323 Affected
CVE-2021-43522 Affected
CVE-2021-43615 Not Affected
CVE-2021-45969 Not Affected
CVE-2021-45970 Not Affected
CVE-2021-45971 Not Affected
CVE-2022-24030 Not Affected
CVE-2022-24031 Not Affected
CVE-2022-24069 Not Affected
CVE-2022-28806 Unknown

Insyde InsydeH2O is vulnerable to a buffer error. Information may be obtained or tampered with, and service may be disrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0009", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "insydeh2o", "scope": "lt", "trust": 1.0, "vendor": "insyde", "version": "5.16.29" }, { "model": "simatic ipc477e", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic itp1000", "scope": "eq", "trust": 1.0, "vendor": 
"siemens", "version": "*" }, { "model": "simatic ipc227g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc377g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "insydeh2o", "scope": "gte", "trust": 1.0, "vendor": "insyde", "version": "5.1" }, { "model": "simatic field pg m5", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "insydeh2o", "scope": "gte", "trust": 1.0, "vendor": "insyde", "version": "5.0" }, { "model": "insydeh2o", "scope": "lt", "trust": 1.0, "vendor": "insyde", "version": "5.35.29" }, { "model": "simatic ipc847e", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc677e", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc277g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc627e", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic field pg m6", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "insydeh2o", "scope": "lt", "trust": 1.0, "vendor": "insyde", "version": "5.26.29" }, { "model": "insydeh2o", "scope": "gte", "trust": 1.0, "vendor": "insyde", "version": "5.3" }, { "model": "simatic ipc647e", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc127e", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "insydeh2o", "scope": "lt", "trust": 1.0, "vendor": "insyde", "version": "5.08.29" }, { "model": "simatic ipc427e", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc327g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "insydeh2o", "scope": "gte", "trust": 1.0, "vendor": "insyde", "version": "5.2" }, { "model": "insydeh2o", "scope": null, "trust": 0.8, "vendor": "insyde", "version": null }, { "model": "insydeh2o", 
"scope": "eq", "trust": 0.8, "vendor": "insyde", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-001344" }, { "db": "NVD", "id": "CVE-2021-33627" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.08.29", "versionStartIncluding": "5.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.16.29", "versionStartIncluding": "5.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.26.29", "versionStartIncluding": "5.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.35.29", "versionStartIncluding": "5.3", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*", "cpe_name": 
[], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], 
"operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-33627" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This document was written by Vijay Sarvepalli.Statement Date:\u00a0\u00a0 March 01, 2022", "sources": [ { "db": "CERT/CC", "id": "VU#796611" } ], "trust": 0.8 }, "cve": "CVE-2021-33627", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", 
"authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2021-33627", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.5, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-33627", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-33627", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202202-115", 
"trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-001344" }, { "db": "CNNVD", "id": "CNNVD-202202-115" }, { "db": "NVD", "id": "CVE-2021-33627" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count \n\n\n\n\nSMM Privilege Escalation 10 \n\n\n SMM Memory Corruption 12 \n\n\n DXE Memory Corruption 1CVE-2020-27339 Affected\nCVE-2020-5953 Affected\nCVE-2021-33625 Affected\nCVE-2021-33626 Affected\nCVE-2021-33627 Affected\nCVE-2021-41837 Affected\nCVE-2021-41838 Affected\nCVE-2021-41839 Affected\nCVE-2021-41840 Affected\nCVE-2021-41841 Affected\nCVE-2021-42059 Affected\nCVE-2021-42060 Not Affected\nCVE-2021-42113 Affected\nCVE-2021-42554 Affected\nCVE-2021-43323 Affected\nCVE-2021-43522 Affected\nCVE-2021-43615 Not Affected\nCVE-2021-45969 Not Affected\nCVE-2021-45970 Not Affected\nCVE-2021-45971 Not Affected\nCVE-2022-24030 Not Affected\nCVE-2022-24031 Not Affected\nCVE-2022-24069 Not Affected\nCVE-2022-28806 Unknown. 
Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", "sources": [ { "db": "NVD", "id": "CVE-2021-33627" }, { "db": "CERT/CC", "id": "VU#796611" }, { "db": "JVNDB", "id": "JVNDB-2022-001344" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-33627", "trust": 4.0 }, { "db": "SIEMENS", "id": "SSA-306654", "trust": 1.6 }, { "db": "CERT/CC", "id": "VU#796611", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98748974", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU97136454", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-001344", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022020316", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-73436", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202202-115", "trust": 0.6 } ], "sources": [ { "db": "CERT/CC", "id": "VU#796611" }, { "db": "JVNDB", "id": "JVNDB-2022-001344" }, { "db": "CNNVD", "id": "CNNVD-202202-115" }, { "db": "NVD", "id": "CVE-2021-33627" } ] }, "id": "VAR-202202-0009", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5 }, "last_update_date": "2024-07-23T19:45:56.033000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Insyde\u0027s\u00a0Security\u00a0Pledge Security\u00a0Advisory", "trust": 0.8, "url": "https://www.insyde.com/security-pledge" }, { "title": "Insyde InsydeH2O 
Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180209" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-001344" }, { "db": "CNNVD", "id": "CNNVD-202202-115" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.0 }, { "problemtype": "Buffer error (CWE-119) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-001344" }, { "db": "NVD", "id": "CVE-2021-33627" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://security.netapp.com/advisory/ntap-20220222-0002/" }, { "trust": 1.6, "url": "https://www.insyde.com/security-pledge" }, { "trust": 1.6, "url": "https://www.insyde.com/security-pledge/sa-2022022" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33627" }, { "trust": 0.8, "url": "cve-2020-27339 " }, { "trust": 0.8, "url": "cve-2020-5953 " }, { "trust": 0.8, "url": "cve-2021-33625 " }, { "trust": 0.8, "url": "cve-2021-33626 " }, { "trust": 0.8, "url": "cve-2021-33627 " }, { "trust": 0.8, "url": "cve-2021-41837 " }, { "trust": 0.8, "url": "cve-2021-41838 " }, { "trust": 0.8, "url": "cve-2021-41839 " }, { "trust": 0.8, "url": "cve-2021-41840 " }, { "trust": 0.8, "url": "cve-2021-41841 " }, { "trust": 0.8, "url": "cve-2021-42059 " }, { "trust": 0.8, "url": "cve-2021-42060 " }, { "trust": 0.8, "url": "cve-2021-42113 " }, { "trust": 0.8, "url": "cve-2021-42554 " }, { "trust": 0.8, "url": "cve-2021-43323 " }, { "trust": 0.8, "url": "cve-2021-43522 " }, 
{ "trust": 0.8, "url": "cve-2021-43615 " }, { "trust": 0.8, "url": "cve-2021-45969 " }, { "trust": 0.8, "url": "cve-2021-45970 " }, { "trust": 0.8, "url": "cve-2021-45971 " }, { "trust": 0.8, "url": "cve-2022-24030 " }, { "trust": 0.8, "url": "cve-2022-24031 " }, { "trust": 0.8, "url": "cve-2022-24069 " }, { "trust": 0.8, "url": "cve-2022-28806 " }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97136454/index.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98748974/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/product_security/len-73436" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022020316" } ], "sources": [ { "db": "CERT/CC", "id": "VU#796611" }, { "db": "JVNDB", "id": "JVNDB-2022-001344" }, { "db": "CNNVD", "id": "CNNVD-202202-115" }, { "db": "NVD", "id": "CVE-2021-33627" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#796611" }, { "db": "JVNDB", "id": "JVNDB-2022-001344" }, { "db": "CNNVD", "id": "CNNVD-202202-115" }, { "db": "NVD", "id": "CVE-2021-33627" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-01T00:00:00", "db": "CERT/CC", "id": "VU#796611" }, { "date": "2022-02-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-001344" }, { "date": "2022-02-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-115" }, { "date": "2022-02-03T02:15:06.983000", "db": "NVD", "id": "CVE-2021-33627" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-26T00:00:00", "db": "CERT/CC", "id": "VU#796611" }, { "date": "2022-02-28T07:09:00", "db": "JVNDB", 
"id": "JVNDB-2022-001344" }, { "date": "2022-03-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-115" }, { "date": "2024-07-22T17:15:02.883000", "db": "NVD", "id": "CVE-2021-33627" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-115" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM", "sources": [ { "db": "CERT/CC", "id": "VU#796611" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-115" } ], "trust": 0.6 } }
ghsa-g6pg-5762-5mq6
Vulnerability from github
A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBuffer). An attacker can use this to corrupt data in SMRAM, which can even lead to arbitrary code execution.
{ "affected": [], "aliases": [ "CVE-2021-33627" ], "database_specific": { "cwe_ids": [ "CWE-119" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-02-03T02:15:00Z", "severity": "HIGH" }, "details": "A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.", "id": "GHSA-g6pg-5762-5mq6", "modified": "2024-07-22T18:31:47Z", "published": "2022-02-10T00:01:00Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33627" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20220222-0002" }, { "type": "WEB", "url": "https://www.insyde.com/security-pledge" }, { "type": "WEB", "url": "https://www.insyde.com/security-pledge/SA-2022022" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "type": "CVSS_V3" } ] }