Versio.io

CVE-2021-42554

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 03-02-2022 03:15
Last modified: - 08-03-2022 09:18
Total changes: - 6

Description

An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Low
Attack complexity
Local
Attack vector
High
Availability
High
Confidentiality
High
Integrity
High
Privileges required
Changed
Scope
None
User interaction
8.2
Base score
1.5
6.0
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=insyde AND product=insydeh2o AND versionStartIncluding=5.0 AND versionEndExcluding=5.08.42
OR
vendor=insyde AND product=insydeh2o AND versionStartIncluding=5.1 AND versionEndExcluding=5.16.42
OR
vendor=insyde AND product=insydeh2o AND versionStartIncluding=5.2 AND versionEndExcluding=5.26.42
OR
vendor=insyde AND product=insydeh2o AND versionStartIncluding=5.3 AND versionEndExcluding=5.35.42
OR
vendor=insyde AND product=insydeh2o AND versionStartIncluding=5.4 AND versionEndExcluding=5.42.51
OR
vendor=insyde AND product=insydeh2o AND versionStartIncluding=5.5 AND versionEndExcluding=5.50.51
AND
OR
vendor=siemens AND product=simatic_field_pg_m5_firmware
OR
vendor=siemens AND product=simatic_field_pg_m5 AND version=-
AND
OR
vendor=siemens AND product=simatic_field_pg_m6_firmware
OR
vendor=siemens AND product=simatic_field_pg_m6 AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc127e_firmware
OR
vendor=siemens AND product=simatic_ipc127e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc227g_firmware
OR
vendor=siemens AND product=simatic_ipc227g AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc277g_firmware
OR
vendor=siemens AND product=simatic_ipc277g AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc327g_firmware
OR
vendor=siemens AND product=simatic_ipc327g AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc377g_firmware
OR
vendor=siemens AND product=simatic_ipc377g AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc427e_firmware
OR
vendor=siemens AND product=simatic_ipc427e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc477e_firmware
OR
vendor=siemens AND product=simatic_ipc477e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc627e_firmware
OR
vendor=siemens AND product=simatic_ipc627e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc647e_firmware
OR
vendor=siemens AND product=simatic_ipc647e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc677e_firmware
OR
vendor=siemens AND product=simatic_ipc677e AND version=-
AND
OR
vendor=siemens AND product=simatic_ipc847e_firmware
OR
vendor=siemens AND product=simatic_ipc847e AND version=-
AND
OR
vendor=siemens AND product=simatic_itp1000_firmware
OR
vendor=siemens AND product=simatic_itp1000 AND version=-
AND
OR
vendor=siemens AND product=ruggedcom_ape1808_firmware
OR
vendor=siemens AND product=ruggedcom_ape1808 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2021-42554

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.