CVE-2021-42554
Summary
| CVE | CVE-2021-42554 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-03 02:15:00 UTC |
| Updated | 2022-03-08 20:18:00 UTC |
| Description | An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Insyde | Insydeh2o | All | All | All | All |
| Hardware | Siemens | Ruggedcom Ape1808 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Ape1808 Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Field Pg M5 | - | All | All | All |
| Operating System | Siemens | Simatic Field Pg M5 Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Field Pg M6 | - | All | All | All |
| Operating System | Siemens | Simatic Field Pg M6 Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc127e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc127e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc227g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc227g Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc277g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc277g Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc327g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc327g Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc377g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc377g Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc427e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc427e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc477e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc477e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc627e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc627e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc647e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc647e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc677e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc677e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc847e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc847e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Itp1000 | - | All | All | All |
| Operating System | Siemens | Simatic Itp1000 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Insyde Security Advisory 2022012 | Insyde Software | MISC | www.insyde.com | |
| Insyde's Security Pledge | Insyde Software | MISC | www.insyde.com | |
| CVE-2021-42554 InsydeH2O Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | CONFIRM | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590981 Siemens Industrial Products Insyde BIOS Multiple Vulnerabilities (SSA-306654)