CVE-2021-33627

An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.

Configurations

Configuration 1

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 4

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*

History

01 Mar 2022, 19:53

Type Values Removed Values Added
First Time Siemens simatic Ipc627e Firmware
Siemens
Siemens simatic Ipc677e
Siemens simatic Ipc377g Firmware
Siemens simatic Ipc847e
Siemens simatic Ipc127e Firmware
Siemens simatic Ipc277g
Siemens simatic Ipc277g Firmware
Siemens simatic Ipc327g Firmware
Siemens simatic Ipc477e Firmware
Siemens simatic Ipc427e Firmware
Siemens simatic Ipc847e Firmware
Siemens simatic Ipc377g
Siemens simatic Itp1000
Siemens simatic Field Pg M6 Firmware
Siemens simatic Ipc227g Firmware
Siemens simatic Ipc127e
Siemens simatic Ipc477e
Siemens simatic Field Pg M5 Firmware
Siemens simatic Ipc647e
Siemens simatic Field Pg M6
Siemens simatic Ipc427e
Siemens simatic Field Pg M5
Siemens simatic Ipc677e Firmware
Siemens simatic Ipc647e Firmware
Siemens simatic Ipc327g
Siemens simatic Ipc627e
Siemens simatic Ipc227g
Siemens simatic Itp1000 Firmware
CPE cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*
References
Removed: (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf -
Added: (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf - Third Party Advisory
References
Removed: (CONFIRM) https://security.netapp.com/advisory/ntap-20220222-0002/ -
Added: (CONFIRM) https://security.netapp.com/advisory/ntap-20220222-0002/ - Third Party Advisory

24 Feb 2022, 15:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf -
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220222-0002/ -

09 Feb 2022, 19:49

Type Values Removed Values Added
CPE cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
CVSS
Removed: v2 : unknown, v3 : unknown
Added: v2 : 7.2, v3 : 8.2
First Time Insyde
Insyde insydeh2o
References
Removed: (MISC) https://www.insyde.com/security-pledge -
Added: (MISC) https://www.insyde.com/security-pledge - Vendor Advisory
References
Removed: (MISC) https://www.insyde.com/security-pledge/SA-2022022 -
Added: (MISC) https://www.insyde.com/security-pledge/SA-2022022 - Vendor Advisory
CWE CWE-119

09 Feb 2022, 02:15

Type Values Removed Values Added
Summary
Removed: A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.
Added: An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
References
  • (MISC) https://www.insyde.com/security-pledge/SA-2022022 -

03 Feb 2022, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-03 02:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-33627

Mitre link : CVE-2021-33627

CVE.ORG link : CVE-2021-33627



Products Affected

siemens

  • simatic_ipc647e
  • simatic_ipc627e_firmware
  • simatic_itp1000
  • simatic_field_pg_m6
  • simatic_field_pg_m5
  • simatic_ipc377g_firmware
  • simatic_ipc427e
  • simatic_itp1000_firmware
  • simatic_ipc677e
  • simatic_ipc477e_firmware
  • simatic_ipc847e
  • simatic_field_pg_m5_firmware
  • simatic_ipc377g
  • simatic_ipc277g_firmware
  • simatic_field_pg_m6_firmware
  • simatic_ipc677e_firmware
  • simatic_ipc847e_firmware
  • simatic_ipc227g
  • simatic_ipc627e
  • simatic_ipc227g_firmware
  • simatic_ipc427e_firmware
  • simatic_ipc327g_firmware
  • simatic_ipc127e
  • simatic_ipc277g
  • simatic_ipc127e_firmware
  • simatic_ipc647e_firmware
  • simatic_ipc327g
  • simatic_ipc477e

insyde

  • insydeh2o

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer