Versio.io

CVE-2020-5953

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 03-02-2022 02:15
Last modified: - 12-04-2022 08:17
Total changes: - 4

Description

A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
High
Attack complexity
Local
Attack vector
High
Availability
High
Confidentiality
High
Integrity
High
Privileges required
Changed
Scope
None
User interaction
7.5
Base score
0.8
6.0
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=insyde AND product=insydeh2o AND version=5.12.09.0074
vendor=insyde AND product=insydeh2o AND version=5.23.04.0045
vendor=insyde AND product=insydeh2o AND version=5.23.45.0023
vendor=insyde AND product=insydeh2o AND version=5.33.15.0034
vendor=insyde AND product=insydeh2o AND version=5.34.03.0029
vendor=insyde AND product=insydeh2o AND version=5.42.03.0010
AND
OR
vendor=siemens AND product=ruggedcom_ape1808_firmware AND version=-
OR
vendor=siemens AND product=ruggedcom_ape1808 AND version=-
AND
OR
vendor=siemens AND product=simatic_field_pg_m6_firmware AND version=-
OR
vendor=siemens AND product=simatic_field_pg_m6 AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc127e_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc127e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc227g_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc227g AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc277g_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc277g AND version=-
AND
OR
vendor=siemens AND product=simatic_itp1000_firmware AND version=-
OR
vendor=siemens AND product=simatic_itp1000 AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc477e_pro_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc477e_pro AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc627e_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc627e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc647e_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc647e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc677e_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc677e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc847e_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc847e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc327g_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc327g AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc377g_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc377g AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc427e_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc427e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc477e_firmware AND version=-
OR
vendor=siemens AND product=simatic_ipc477e AND version=-
AND
OR
vendor=siemens AND product=simatic_field_pg_m5_firmware AND version=-
OR
vendor=siemens AND product=simatic_field_pg_m5 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2020-5953

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.