QID 590981
Date Published: 2022-08-12
QID 590981: Siemens Industrial Products Insyde BIOS Multiple Vulnerabilities (SSA-306654)
AFFECTED PRODUCTS
RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808 CLOUDCONNECT (6GK6015-0AL20-0GM0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808 CLOUDCONNECT CC (6GK6015-0AL20-0GM1): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808 ELAN (6GK6015-0AL20-0GP0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808 ELAN CC (6GK6015-0AL20-0GP1): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808 SAM-L (6GK6015-0AL20-0GN0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808 SAM-L CC (6GK6015-0AL20-0GN1): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808CLA-P (6GK6015-0AL20-1AA0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808CLA-P CC (6GK6015-0AL20-1AA1): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808CLA-S1 (6GK6015-0AL20-1AB0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808CLA-S1 CC (6GK6015-0AL20-1AB1): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808CLA-S3 (6GK6015-0AL20-1AD0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808CLA-S3 CC (6GK6015-0AL20-1AD1): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808CLA-S5 (6GK6015-0AL20-1AF0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808CLA-S5 CC (6GK6015-0AL20-1AF1): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808W10 (6GK6015-0AL20-0GJ0): All Versions prior to V01.00.20 2N
RUGGEDCOM APE1808W10 CC (6GK6015-0AL20-0GJ1): All Versions prior to V01.00.20 2N
SIMATIC Field PG M5: All versions
SIMATIC Field PG M6: All versions prior to V26.01.09
SIMATIC Field PG M6: All versions greater than or equal to V26.01.09
SIMATIC IPC127E: All versions
SIMATIC IPC227G: All versions prior to V28.01.04
SIMATIC IPC277G: All versions prior to V28.01.04
SIMATIC IPC327G: All versions prior to V28.01.04
SIMATIC IPC377G: All versions prior to V28.01.04
SIMATIC IPC427E: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC627E: All versions
SIMATIC IPC647E: All versions
SIMATIC IPC677E: All versions
SIMATIC IPC847E: All versions
SIMATIC ITP1000: All versions prior to V23.01.10
SIMATIC ITP1000: All versions greater than or equal to V23.01.10
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
Customers are advised to refer to CERT MITIGATIONS section ssa-306654 for affected packages and patching details.
CVEs related to QID 590981
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ssa-306654 | | | |