CVE-2021-33626 | Severity.io

Description

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

Related CPE's

o

insyde

insydeh2o

7

ruggedcom_apr1808_firmware

Vulnerable

ruggedcom_apr1808

simatic_field_pg_m5_firmware

Vulnerable

simatic_field_pg_m5

simatic_field_pg_m6_firmware

Vulnerable

simatic_field_pg_m6

simatic_ipc127e_firmware

Vulnerable

simatic_ipc127e

simatic_ipc227g_firmware

Vulnerable

simatic_ipc227g

simatic_ipc277g_firmware

Vulnerable

simatic_ipc277g

simatic_ipc327g_firmware

Vulnerable

simatic_ipc327g

simatic_ipc377g_firmware

Vulnerable

simatic_ipc377g

simatic_ipc427e_firmware

Vulnerable

simatic_ipc427e

simatic_ipc477e_firmware

Vulnerable

simatic_ipc477e

simatic_ipc477e_pro_firmware

Vulnerable

simatic_ipc477e_pro

simatic_ipc627e_firmware

Vulnerable

simatic_ipc627e

simatic_ipc647e_firmware

Vulnerable

simatic_ipc647e

simatic_ipc677e_firmware

Vulnerable

simatic_ipc677e

simatic_ipc847e_firmware

Vulnerable

simatic_ipc847e

simatic_itp1000_firmware

Vulnerable

simatic_itp1000

References

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220216-0006/

Third Party Advisory

https://www.insyde.com/security-pledge

Vendor Advisory

https://www.insyde.com/security-pledge/SA-2021001

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-829

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-01T03:15:06.593

3 years ago

Last modified

2022-04-24T02:03:42.070

3 years ago