Vulnerability Details CVE-2020-5953
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 6.9
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
- https://security.netapp.com/advisory/ntap-20220222-0005/
- https://www.insyde.com/products
- https://www.insyde.com/security-pledge
- https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
- https://security.netapp.com/advisory/ntap-20220222-0005/
- https://www.insyde.com/products
- https://www.insyde.com/security-pledge
Products affected by CVE-2020-5953
-
cpe:2.3:a:insyde:insydeh2o:5.12.09.0074
-
cpe:2.3:a:insyde:insydeh2o:5.23.04.0045
-
cpe:2.3:a:insyde:insydeh2o:5.23.45.0023
-
cpe:2.3:a:insyde:insydeh2o:5.33.15.0034
-
cpe:2.3:a:insyde:insydeh2o:5.34.03.0029
-
cpe:2.3:a:insyde:insydeh2o:5.42.03.0010
-
cpe:2.3:h:siemens:ruggedcom_ape1808:-
-
cpe:2.3:h:siemens:simatic_field_pg_m5:-
-
cpe:2.3:h:siemens:simatic_field_pg_m6:-
-
cpe:2.3:h:siemens:simatic_ipc127e:-
-
cpe:2.3:h:siemens:simatic_ipc227g:-
-
cpe:2.3:h:siemens:simatic_ipc277g:-
-
cpe:2.3:h:siemens:simatic_ipc327g:-
-
cpe:2.3:h:siemens:simatic_ipc377g:-
-
cpe:2.3:h:siemens:simatic_ipc427e:-
-
cpe:2.3:h:siemens:simatic_ipc477e:-
-
cpe:2.3:h:siemens:simatic_ipc477e_pro:-
-
cpe:2.3:h:siemens:simatic_ipc627e:-
-
cpe:2.3:h:siemens:simatic_ipc647e:-
-
cpe:2.3:h:siemens:simatic_ipc677e:-
-
cpe:2.3:h:siemens:simatic_ipc847e:-
-
cpe:2.3:h:siemens:simatic_itp1000:-
-
cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-
-
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc127e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc227g_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc277g_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc327g_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc377g_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc627e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc647e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc677e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc847e_firmware:-
-
cpe:2.3:o:siemens:simatic_itp1000_firmware:-