A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.
References
| Link | Resource |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20220216-0006/ | Third Party Advisory |
| https://www.insyde.com/security-pledge | Vendor Advisory |
| https://www.insyde.com/security-pledge/SA-2021001 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
History
24 Apr 2022, 02:03
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf - Third Party Advisory | |
| References | (MISC) https://www.insyde.com/security-pledge - Vendor Advisory | |
| References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220216-0006/ - Third Party Advisory | |
| CPE | cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:ruggedcom_apr1808:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_apr1808_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:* |
24 Feb 2022, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
17 Feb 2022, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
03 Feb 2022, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| Summary | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. |
15 Oct 2021, 15:13
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-829 | |
| References | (MISC) https://www.insyde.com/security-pledge/SA-2021001 - Vendor Advisory | |
| CPE | cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
01 Oct 2021, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-10-01 03:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-33626
Mitre link : CVE-2021-33626
CVE.ORG link : CVE-2021-33626
JSON object : View
Products Affected
siemens
- simatic_ipc227g
- simatic_field_pg_m6_firmware
- simatic_ipc647e_firmware
- simatic_ipc477e_pro_firmware
- simatic_ipc227g_firmware
- simatic_ipc327g_firmware
- ruggedcom_apr1808
- simatic_ipc847e
- ruggedcom_apr1808_firmware
- simatic_ipc377g_firmware
- simatic_itp1000
- simatic_ipc377g
- simatic_ipc477e_pro
- simatic_ipc477e
- simatic_ipc647e
- simatic_ipc277g
- simatic_ipc327g
- simatic_ipc627e
- simatic_ipc847e_firmware
- simatic_field_pg_m5_firmware
- simatic_ipc427e
- simatic_itp1000_firmware
- simatic_ipc627e_firmware
- simatic_ipc127e_firmware
- simatic_field_pg_m5
- simatic_field_pg_m6
- simatic_ipc427e_firmware
- simatic_ipc477e_firmware
- simatic_ipc677e_firmware
- simatic_ipc677e
- simatic_ipc127e
- simatic_ipc277g_firmware
insyde
- insydeh2o
CWE
CWE-829
Inclusion of Functionality from Untrusted Control Sphere