high
7.8
CWE
829
Advisory Published
Updated

CVE-2021-33626

First published: Fri Oct 01 2021(Updated: )

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Insyde H2O>=5.3<5.34.44
Insyde H2O>=5.2<5.25.44
Insyde H2O>=5.1<5.16.25
Insyde H2O>=5.4<5.42.44
Insyde H2O>=5.3<5.35.25
Insyde H2O>=5.2<5.26.25
Insyde H2O>=5.4<5.43.25
Siemens Ruggedcom APR1808
Siemens Ruggedcom APR1808 Firmware
Siemens Simatic Field PG M5
Siemens Simatic Field PG M5
Siemens Simatic Field PG M6 Firmware
Siemens Simatic Field PG M6 Firmware
Siemens Simatic IPC127E Firmware
Siemens Simatic IPC127E Firmware
Siemens Simatic IPC227G
Siemens Simatic IPC227G Firmware
Siemens Simatic IPC277G
Siemens SIMATIC IPC277G PRO
Siemens Simatic IPC327G Firmware
Siemens Simatic IPC327G Firmware
Siemens Simatic IPC377G
Siemens Simatic IPC377G
Siemens Simatic IPC427E Firmware
Siemens Simatic IPC427E Firmware
Siemens Simatic IPC477E Firmware
Siemens Simatic IPC477E Firmware
Siemens Simatic IPC477E Pro
Siemens Simatic IPC477E Firmware
Siemens Simatic IPC627E Firmware
Siemens Simatic IPC627E Firmware
Siemens Simatic IPC647E Firmware
Siemens Simatic IPC647E Firmware
Siemens Simatic IPC677E Firmware
Siemens Simatic IPC677E Firmware
Siemens Simatic IPC847E Firmware
Siemens Simatic IPC847E Firmware
Siemens Simatic ITP1000
Siemens Simatic ITP1000 Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2021-33626?

    CVE-2021-33626 is a vulnerability that exists in the SMM (System Management Mode) branch, allowing an attacker to corrupt data in SMRAM memory and execute arbitrary code.

  • Which software is affected by CVE-2021-33626?

    Insyde InsydeH2O versions 5.3 to 5.34.44, 5.2 to 5.25.44, 5.1 to 5.16.25, 5.4 to 5.42.44, 5.3 to 5.35.25, 5.2 to 5.26.25, 5.4 to 5.43.25, Siemens Ruggedcom Apr1808 Firmware

  • What is the severity of CVE-2021-33626?

    The severity of CVE-2021-33626 is high (7.8).

  • How can I fix CVE-2021-33626?

    Apply the recommended security patches provided by the software vendors or follow the mitigation steps outlined in the advisories.

  • Where can I find more information about CVE-2021-33626?

    You can find more information about CVE-2021-33626 in the provided references: [1] [2] [3]

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203