Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ruggedcom_ape1808

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2021-33625
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.68%
||
7 Day CHG~0.00%
Published-03 Feb, 2022 | 01:55
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)NetApp, Inc.Siemens AG
Product-simatic_ipc127e_firmwaresimatic_ipc377ginsydeh2osimatic_ipc677esimatic_ipc227g_firmwaresimatic_ipc647e_firmwaresimatic_ipc277gsimatic_ipc627e_firmwaresimatic_ipc477esimatic_ipc627esimatic_ipc847e_firmwaresimatic_field_pg_m6_firmwaresimatic_field_pg_m5simatic_itp1000simatic_ipc377g_firmwaresimatic_ipc327g_firmwaresimatic_ipc477e_firmwaresimatic_ipc427e_firmwaresimatic_ipc847esimatic_ipc427esimatic_field_pg_m6simatic_ipc227gsimatic_ipc477e_prosimatic_field_pg_m5_firmwaresimatic_ipc677e_firmwaresimatic_ipc477e_pro_firmwarefas\/aff_biossimatic_ipc277g_firmwaresimatic_ipc127esimatic_itp1000_firmwareruggedcom_ape1808ruggedcom_ape1808_firmwaresimatic_ipc647esimatic_ipc327gn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42554
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.05% / 13.85%
||
7 Day CHG~0.00%
Published-03 Feb, 2022 | 01:40
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)Siemens AG
Product-simatic_ipc127e_firmwaresimatic_ipc477e_firmwaresimatic_ipc427e_firmwaresimatic_ipc847esimatic_ipc377gsimatic_ipc427esimatic_field_pg_m6insydeh2osimatic_ipc227gsimatic_ipc677esimatic_field_pg_m5_firmwaresimatic_ipc677e_firmwaresimatic_ipc277g_firmwaresimatic_ipc227g_firmwaresimatic_ipc127esimatic_ipc647e_firmwaresimatic_ipc277gsimatic_itp1000_firmwareruggedcom_ape1808simatic_ipc627e_firmwaresimatic_ipc477esimatic_field_pg_m6_firmwaresimatic_ipc627esimatic_ipc847e_firmwareruggedcom_ape1808_firmwaresimatic_field_pg_m5simatic_itp1000simatic_ipc647esimatic_ipc327gsimatic_ipc377g_firmwaresimatic_ipc327g_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5953
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.44%
||
7 Day CHG~0.00%
Published-03 Feb, 2022 | 01:00
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)Siemens AG
Product-simatic_ipc127e_firmwaresimatic_ipc377ginsydeh2osimatic_ipc677esimatic_ipc227g_firmwaresimatic_ipc647e_firmwaresimatic_ipc277gsimatic_ipc627esimatic_ipc627e_firmwaresimatic_field_pg_m6_firmwaresimatic_ipc847e_firmwaresimatic_ipc477esimatic_field_pg_m5simatic_itp1000simatic_ipc377g_firmwaresimatic_ipc327g_firmwaresimatic_ipc477e_firmwaresimatic_ipc427e_firmwaresimatic_ipc847esimatic_ipc427esimatic_field_pg_m6simatic_ipc227gsimatic_ipc477e_prosimatic_field_pg_m5_firmwaresimatic_ipc677e_firmwaresimatic_ipc477e_pro_firmwaresimatic_ipc277g_firmwaresimatic_ipc127esimatic_itp1000_firmwareruggedcom_ape1808ruggedcom_ape1808_firmwaresimatic_ipc647esimatic_ipc327gn/a