TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2021-41838

HIGH
8.2

Beschreibung

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.

CVE Details

CVSS v3.1 Bewertung8.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht2/3/2022
Zuletzt geandert11/4/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

insyde:insydeh2osiemens:simatic_field_pg_m5siemens:simatic_field_pg_m5_firmwaresiemens:simatic_field_pg_m6siemens:simatic_field_pg_m6_firmwaresiemens:simatic_ipc127esiemens:simatic_ipc127e_firmwaresiemens:simatic_ipc227gsiemens:simatic_ipc227g_firmwaresiemens:simatic_ipc277gsiemens:simatic_ipc277g_firmwaresiemens:simatic_ipc327gsiemens:simatic_ipc327g_firmwaresiemens:simatic_ipc377gsiemens:simatic_ipc377g_firmwaresiemens:simatic_ipc427esiemens:simatic_ipc427e_firmwaresiemens:simatic_ipc477esiemens:simatic_ipc477e_firmwaresiemens:simatic_ipc627esiemens:simatic_ipc627e_firmwaresiemens:simatic_ipc647esiemens:simatic_ipc647e_firmwaresiemens:simatic_ipc677esiemens:simatic_ipc677e_firmwaresiemens:simatic_ipc847esiemens:simatic_ipc847e_firmwaresiemens:simatic_itp1000siemens:simatic_itp1000_firmware

Schwachen (CWE)

CWE-119

Referenzen

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20220222-0001/(cve@mitre.org)
https://www.insyde.com/security-pledge(cve@mitre.org)
https://www.insyde.com/security-pledge/SA-2022023(cve@mitre.org)
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220222-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge(af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge/SA-2022023(af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/796611(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.