Vulnerability Details CVE-2021-33627
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 7.2
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
- https://security.netapp.com/advisory/ntap-20220222-0002/
- https://www.insyde.com/security-pledge
- https://www.insyde.com/security-pledge/SA-2022022
- https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
- https://security.netapp.com/advisory/ntap-20220222-0002/
- https://www.insyde.com/security-pledge
- https://www.insyde.com/security-pledge/SA-2022022
Products affected by CVE-2021-33627
-
cpe:2.3:a:insyde:insydeh2o:05.08.46
-
cpe:2.3:a:insyde:insydeh2o:05.0a.11
-
cpe:2.3:a:insyde:insydeh2o:05.15.11
-
cpe:2.3:a:insyde:insydeh2o:05.16.46
-
cpe:2.3:a:insyde:insydeh2o:05.18.03
-
cpe:2.3:a:insyde:insydeh2o:05.25.11
-
cpe:2.3:a:insyde:insydeh2o:05.26.46
-
cpe:2.3:a:insyde:insydeh2o:05.27.23
-
cpe:2.3:a:insyde:insydeh2o:05.27.37
-
cpe:2.3:a:insyde:insydeh2o:05.28.03
-
cpe:2.3:a:insyde:insydeh2o:05.28.19
-
cpe:2.3:a:insyde:insydeh2o:05.34.11
-
cpe:2.3:a:insyde:insydeh2o:5.0
-
cpe:2.3:a:insyde:insydeh2o:5.08.29
-
cpe:2.3:a:insyde:insydeh2o:5.08.41
-
cpe:2.3:a:insyde:insydeh2o:5.08.45
-
cpe:2.3:a:insyde:insydeh2o:5.1
-
cpe:2.3:a:insyde:insydeh2o:5.12.09.0074
-
cpe:2.3:a:insyde:insydeh2o:5.14.34
-
cpe:2.3:a:insyde:insydeh2o:5.16.23
-
cpe:2.3:a:insyde:insydeh2o:5.16.25
-
cpe:2.3:a:insyde:insydeh2o:5.16.29
-
cpe:2.3:a:insyde:insydeh2o:5.16.41
-
cpe:2.3:a:insyde:insydeh2o:5.16.42
-
cpe:2.3:a:insyde:insydeh2o:5.16.45
-
cpe:2.3:a:insyde:insydeh2o:5.2
-
cpe:2.3:a:insyde:insydeh2o:5.2.05.27.29
-
cpe:2.3:a:insyde:insydeh2o:5.2.05.28.22
-
cpe:2.3:a:insyde:insydeh2o:5.2.05.28.33
-
cpe:2.3:a:insyde:insydeh2o:5.2.05.28.47
-
cpe:2.3:a:insyde:insydeh2o:5.23.04.0045
-
cpe:2.3:a:insyde:insydeh2o:5.23.22
-
cpe:2.3:a:insyde:insydeh2o:5.23.35
-
cpe:2.3:a:insyde:insydeh2o:5.23.45.0023
-
cpe:2.3:a:insyde:insydeh2o:5.24.34
-
cpe:2.3:a:insyde:insydeh2o:5.25.44
-
cpe:2.3:a:insyde:insydeh2o:5.26.23
-
cpe:2.3:a:insyde:insydeh2o:5.26.25
-
cpe:2.3:a:insyde:insydeh2o:5.26.29
-
cpe:2.3:a:insyde:insydeh2o:5.26.41
-
cpe:2.3:a:insyde:insydeh2o:5.26.42
-
cpe:2.3:a:insyde:insydeh2o:5.26.45
-
cpe:2.3:a:insyde:insydeh2o:5.3
-
cpe:2.3:a:insyde:insydeh2o:5.3.05.36.29
-
cpe:2.3:a:insyde:insydeh2o:5.3.05.37.17
-
cpe:2.3:a:insyde:insydeh2o:5.3.05.37.22
-
cpe:2.3:a:insyde:insydeh2o:5.3.05.37.33
-
cpe:2.3:a:insyde:insydeh2o:5.3.05.37.47
-
cpe:2.3:a:insyde:insydeh2o:5.32.22
-
cpe:2.3:a:insyde:insydeh2o:5.32.35
-
cpe:2.3:a:insyde:insydeh2o:5.33.15.0034
-
cpe:2.3:a:insyde:insydeh2o:5.33.34
-
cpe:2.3:a:insyde:insydeh2o:5.33.45
-
cpe:2.3:a:insyde:insydeh2o:5.34.03.0029
-
cpe:2.3:a:insyde:insydeh2o:5.34.44
-
cpe:2.3:a:insyde:insydeh2o:5.35.23
-
cpe:2.3:a:insyde:insydeh2o:5.35.25
-
cpe:2.3:a:insyde:insydeh2o:5.4
-
cpe:2.3:a:insyde:insydeh2o:5.4.05.44.13
-
cpe:2.3:a:insyde:insydeh2o:5.4.05.45.17
-
cpe:2.3:a:insyde:insydeh2o:5.4.05.45.22
-
cpe:2.3:a:insyde:insydeh2o:5.4.05.45.33
-
cpe:2.3:a:insyde:insydeh2o:5.4.05.45.47
-
cpe:2.3:a:insyde:insydeh2o:5.5
-
cpe:2.3:a:insyde:insydeh2o:5.5.05.52.13
-
cpe:2.3:a:insyde:insydeh2o:5.5.05.53.17
-
cpe:2.3:a:insyde:insydeh2o:5.5.05.53.22
-
cpe:2.3:a:insyde:insydeh2o:5.5.05.53.33
-
cpe:2.3:a:insyde:insydeh2o:5.5.05.53.47
-
cpe:2.3:a:insyde:insydeh2o:5.6
-
cpe:2.3:a:insyde:insydeh2o:5.6.05.60.17
-
cpe:2.3:a:insyde:insydeh2o:5.6.05.60.22
-
cpe:2.3:a:insyde:insydeh2o:5.6.05.60.33
-
cpe:2.3:a:insyde:insydeh2o:5.6.05.60.47
-
cpe:2.3:h:siemens:simatic_field_pg_m5:-
-
cpe:2.3:h:siemens:simatic_field_pg_m6:-
-
cpe:2.3:h:siemens:simatic_ipc127e:-
-
cpe:2.3:h:siemens:simatic_ipc227g:-
-
cpe:2.3:h:siemens:simatic_ipc277g:-
-
cpe:2.3:h:siemens:simatic_ipc327g:-
-
cpe:2.3:h:siemens:simatic_ipc377g:-
-
cpe:2.3:h:siemens:simatic_ipc427e:-
-
cpe:2.3:h:siemens:simatic_ipc477e:-
-
cpe:2.3:h:siemens:simatic_ipc627e:-
-
cpe:2.3:h:siemens:simatic_ipc647e:-
-
cpe:2.3:h:siemens:simatic_ipc677e:-
-
cpe:2.3:h:siemens:simatic_ipc847e:-
-
cpe:2.3:h:siemens:simatic_itp1000:-
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.01
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.02
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.03
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.04
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.05
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.06
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.08
-
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-
-
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:26.01.07
-
cpe:2.3:o:siemens:simatic_ipc127e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc127e_firmware:21.01.07
-
cpe:2.3:o:siemens:simatic_ipc227g_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc277g_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc327g_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc377g_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.03
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.05
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.06
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.07
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.08
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.09
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.14
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.15
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.03
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.05
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.06
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.07
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.08
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.09
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.14
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.15
-
cpe:2.3:o:siemens:simatic_ipc627e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc627e_firmware:25.02.06
-
cpe:2.3:o:siemens:simatic_ipc627e_firmware:25.02.08
-
cpe:2.3:o:siemens:simatic_ipc627e_firmware:25.02.10
-
cpe:2.3:o:siemens:simatic_ipc647e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc647e_firmware:25.02.06
-
cpe:2.3:o:siemens:simatic_ipc647e_firmware:25.02.08
-
cpe:2.3:o:siemens:simatic_ipc647e_firmware:25.02.10
-
cpe:2.3:o:siemens:simatic_ipc677e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc677e_firmware:25.02.06
-
cpe:2.3:o:siemens:simatic_ipc677e_firmware:25.02.08
-
cpe:2.3:o:siemens:simatic_ipc677e_firmware:25.02.10
-
cpe:2.3:o:siemens:simatic_ipc847e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc847e_firmware:25.02.06
-
cpe:2.3:o:siemens:simatic_ipc847e_firmware:25.02.08
-
cpe:2.3:o:siemens:simatic_ipc847e_firmware:25.02.10
-
cpe:2.3:o:siemens:simatic_itp1000_firmware:-
-
cpe:2.3:o:siemens:simatic_itp1000_firmware:23.01.04
-
cpe:2.3:o:siemens:simatic_itp1000_firmware:23.01.08