Description

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

Related CPE's

o

insyde

insydeh2o

7

o

siemens

ruggedcom_apr1808_firmware

-

Vulnerable

h

siemens

ruggedcom_apr1808

-

o

siemens

simatic_field_pg_m5_firmware

-

Vulnerable

h

siemens

simatic_field_pg_m5

-

o

siemens

simatic_field_pg_m6_firmware

-

Vulnerable

h

siemens

simatic_field_pg_m6

-

o

siemens

simatic_ipc127e_firmware

-

Vulnerable

h

siemens

simatic_ipc127e

-

o

siemens

simatic_ipc227g_firmware

-

Vulnerable

h

siemens

simatic_ipc227g

-

o

siemens

simatic_ipc277g_firmware

-

Vulnerable

h

siemens

simatic_ipc277g

-

o

siemens

simatic_ipc327g_firmware

-

Vulnerable

h

siemens

simatic_ipc327g

-

o

siemens

simatic_ipc377g_firmware

-

Vulnerable

h

siemens

simatic_ipc377g

-

o

siemens

simatic_ipc427e_firmware

-

Vulnerable

h

siemens

simatic_ipc427e

-

o

siemens

simatic_ipc477e_firmware

-

Vulnerable

h

siemens

simatic_ipc477e

-

o

siemens

simatic_ipc477e_pro_firmware

-

Vulnerable

h

siemens

simatic_ipc477e_pro

-

o

siemens

simatic_ipc627e_firmware

-

Vulnerable

h

siemens

simatic_ipc627e

-

o

siemens

simatic_ipc647e_firmware

-

Vulnerable

h

siemens

simatic_ipc647e

-

o

siemens

simatic_ipc677e_firmware

-

Vulnerable

h

siemens

simatic_ipc677e

-

o

siemens

simatic_ipc847e_firmware

-

Vulnerable

h

siemens

simatic_ipc847e

-

o

siemens

simatic_itp1000_firmware

-

Vulnerable

h

siemens

simatic_itp1000

-

References

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220216-0006/

Third Party Advisory

https://www.insyde.com/security-pledge

Vendor Advisory

https://www.insyde.com/security-pledge/SA-2021001

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220216-0006/

Third Party Advisory

https://www.insyde.com/security-pledge

Vendor Advisory

https://www.insyde.com/security-pledge/SA-2021001

Vendor Advisory

https://www.kb.cert.org/vuls/id/796611

Weaknesses

[email protected]

Primary
CWE-829

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-01T01:15:06.593Z

4 years ago

Last modified

2025-11-04T19:16:00.367Z

4 months ago