Vulnerabilities > CVE-2021-42554 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

insyde

siemens

CWE-787

NVD

Published: 2022-02-03

Updated: 2022-03-08

Summary

An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Vulnerable Configurations

Part	Description	Count
Application	Insyde Insyde Insydeh2O 5.0 Insyde Insydeh2O 5.1 Insyde Insydeh2O 5.2 Insyde Insydeh2O 5.3 Insyde Insydeh2O 5.4 Insyde Insydeh2O 5.5 Insyde Insydeh2O 5.08.29 Insyde Insydeh2O 5.08.41 Insyde Insydeh2O 5.08.45 Insyde Insydeh2O 05.08.46 Insyde Insydeh2O 5.12.09.0074 Insyde Insydeh2O 5.14.34 Insyde Insydeh2O 05.15.11 Insyde Insydeh2O 5.16.23 Insyde Insydeh2O 5.16.25 Insyde Insydeh2O 5.16.29 Insyde Insydeh2O 5.16.41 Insyde Insydeh2O 5.16.42 Insyde Insydeh2O 5.16.45 Insyde Insydeh2O 05.16.46 Insyde Insydeh2O 5.23.04.0045 Insyde Insydeh2O 5.23.22 Insyde Insydeh2O 5.23.35 Insyde Insydeh2O 5.23.45.0023 Insyde Insydeh2O 5.24.34 Insyde Insydeh2O 05.25.11 Insyde Insydeh2O 5.25.44 Insyde Insydeh2O 5.26.23 Insyde Insydeh2O 5.26.25 Insyde Insydeh2O 5.26.29 Insyde Insydeh2O 5.26.41 Insyde Insydeh2O 5.26.42 Insyde Insydeh2O 5.26.45 Insyde Insydeh2O 05.26.46 Insyde Insydeh2O 5.32.22 Insyde Insydeh2O 5.32.35 Insyde Insydeh2O 5.33.15.0034 Insyde Insydeh2O 5.33.34 Insyde Insydeh2O 5.33.45 Insyde Insydeh2O 5.34.03.0029 Insyde Insydeh2O 05.34.11 Insyde Insydeh2O 5.34.44 Insyde Insydeh2O 5.35.23 Insyde Insydeh2O 5.35.25 Insyde Insydeh2O 5.35.29 Insyde Insydeh2O 5.35.41 Insyde Insydeh2O 5.35.42 Insyde Insydeh2O 05.35.46 Insyde Insydeh2O 5.40.35 Insyde Insydeh2O 5.42.03.0010 Insyde Insydeh2O 05.42.11 Insyde Insydeh2O 5.42.20 Insyde Insydeh2O 5.42.44 Insyde Insydeh2O 5.43.22 Insyde Insydeh2O 5.43.25 Insyde Insydeh2O 5.43.29 Insyde Insydeh2O 5.43.41 Insyde Insydeh2O 5.43.42 Insyde Insydeh2O 5.43.45 Insyde Insydeh2O 05.43.46	60
OS	Siemens Siemens Simatic Field PG M5 Firmware * Siemens Simatic Field PG M6 Firmware * Siemens Simatic Ipc127E Firmware * Siemens Simatic Ipc227G Firmware * Siemens Simatic Ipc277G Firmware * Siemens Simatic Ipc327G Firmware * Siemens Simatic Ipc377G Firmware * Siemens Simatic Ipc427E Firmware * Siemens Simatic Ipc477E Firmware * Siemens Simatic Ipc627E Firmware * Siemens Simatic Ipc647E Firmware * Siemens Simatic Ipc677E Firmware * Siemens Simatic Ipc847E Firmware * Siemens Simatic Itp1000 Firmware * Siemens Ruggedcom Ape1808 Firmware *	15
Hardware	Siemens Siemens Simatic Field PG M5 - Siemens Simatic Field PG M6 - Siemens Simatic Ipc127E - Siemens Simatic Ipc227G - Siemens Simatic Ipc277G - Siemens Simatic Ipc327G - Siemens Simatic Ipc377G - Siemens Simatic Ipc427E - Siemens Simatic Ipc477E - Siemens Simatic Ipc627E - Siemens Simatic Ipc647E - Siemens Simatic Ipc677E - Siemens Simatic Ipc847E - Siemens Simatic Itp1000 - Siemens Ruggedcom Ape1808 -	15

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References