CVE-2021-33626
Summary
| CVE | CVE-2021-33626 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-10-01 03:15:00 UTC |
| Updated | 2022-04-24 02:03:00 UTC |
| Description | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. |
Risk And Classification
Problem Types: CWE-829
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Insyde | Insydeh2o | All | All | All | All |
| Hardware | Siemens | Ruggedcom Apr1808 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Apr1808 Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Field Pg M5 | - | All | All | All |
| Operating System | Siemens | Simatic Field Pg M5 Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Field Pg M6 | - | All | All | All |
| Operating System | Siemens | Simatic Field Pg M6 Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc127e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc127e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc227g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc227g Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc277g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc277g Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc327g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc327g Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc377g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc377g Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc427e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc427e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc477e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc477e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc477e Pro | - | All | All | All |
| Operating System | Siemens | Simatic Ipc477e Pro Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc627e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc627e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc647e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc647e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc677e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc677e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc847e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc847e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Itp1000 | - | All | All | All |
| Operating System | Siemens | Simatic Itp1000 Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory \| Insyde Software | MISC | www.insyde.com | |
| Insyde's Security Pledge \| Insyde Software | MISC | www.insyde.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | CONFIRM | cert-portal.siemens.com | |
| CVE-2021-33626 InsydeH2O Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590981 Siemens Industrial Products Insyde BIOS Multiple Vulnerabilities (SSA-306654)