An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.
References
| Link | Resource |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20220222-0001/ | Third Party Advisory |
| https://www.insyde.com/security-pledge | Vendor Advisory |
| https://www.insyde.com/security-pledge/SA-2022023 | Vendor Advisory |
| https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20220222-0001/ | Third Party Advisory |
| https://www.insyde.com/security-pledge | Vendor Advisory |
| https://www.insyde.com/security-pledge/SA-2022023 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
History
21 Nov 2024, 06:26
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf - Third Party Advisory | |
| References | () https://security.netapp.com/advisory/ntap-20220222-0001/ - Third Party Advisory | |
| References | () https://www.insyde.com/security-pledge - Vendor Advisory | |
| References | () https://www.insyde.com/security-pledge/SA-2022023 - Vendor Advisory |
01 Mar 2022, 19:42
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:* |
|
| References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf - Third Party Advisory | |
| References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220222-0001/ - Third Party Advisory |
24 Feb 2022, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
09 Feb 2022, 17:51
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.insyde.com/security-pledge/SA-2022023 - Vendor Advisory | |
| References | (MISC) https://www.insyde.com/security-pledge - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 8.2 |
| CWE | CWE-119 | |
| CPE | cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:* |
09 Feb 2022, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| Summary | An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. |
03 Feb 2022, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-02-03 02:15
Updated : 2024-11-21 06:26
NVD link : CVE-2021-41838
Mitre link : CVE-2021-41838
CVE.ORG link : CVE-2021-41838
JSON object : View
Products Affected
siemens
- simatic_ipc677e
- simatic_ipc127e_firmware
- simatic_ipc427e_firmware
- simatic_ipc427e
- simatic_ipc647e
- simatic_itp1000
- simatic_ipc627e_firmware
- simatic_ipc477e_firmware
- simatic_ipc647e_firmware
- simatic_ipc847e_firmware
- simatic_field_pg_m5
- simatic_field_pg_m6_firmware
- simatic_ipc227g
- simatic_ipc627e
- simatic_itp1000_firmware
- simatic_field_pg_m5_firmware
- simatic_ipc277g
- simatic_ipc327g
- simatic_ipc127e
- simatic_ipc277g_firmware
- simatic_ipc847e
- simatic_field_pg_m6
- simatic_ipc377g_firmware
- simatic_ipc677e_firmware
- simatic_ipc377g
- simatic_ipc227g_firmware
- simatic_ipc477e
- simatic_ipc327g_firmware
insyde
- insydeh2o
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer