First published: Fri Oct 01 2021(Updated: )
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde H2O | >=5.3<5.34.44 | |
Insyde H2O | >=5.2<5.25.44 | |
Insyde H2O | >=5.1<5.16.25 | |
Insyde H2O | >=5.4<5.42.44 | |
Insyde H2O | >=5.3<5.35.25 | |
Insyde H2O | >=5.2<5.26.25 | |
Insyde H2O | >=5.4<5.43.25 | |
Siemens Ruggedcom APR1808 | ||
Siemens Ruggedcom APR1808 Firmware | ||
Siemens Simatic Field PG M5 | ||
Siemens Simatic Field PG M5 | ||
Siemens Simatic Field PG M6 Firmware | ||
Siemens Simatic Field PG M6 Firmware | ||
Siemens Simatic IPC127E Firmware | ||
Siemens Simatic IPC127E Firmware | ||
Siemens Simatic IPC227G | ||
Siemens Simatic IPC227G Firmware | ||
Siemens Simatic IPC277G | ||
Siemens SIMATIC IPC277G PRO | ||
Siemens Simatic IPC327G Firmware | ||
Siemens Simatic IPC327G Firmware | ||
Siemens Simatic IPC377G | ||
Siemens Simatic IPC377G | ||
Siemens Simatic IPC427E Firmware | ||
Siemens Simatic IPC427E Firmware | ||
Siemens Simatic IPC477E Firmware | ||
Siemens Simatic IPC477E Firmware | ||
Siemens Simatic IPC477E Pro | ||
Siemens Simatic IPC477E Firmware | ||
Siemens Simatic IPC627E Firmware | ||
Siemens Simatic IPC627E Firmware | ||
Siemens Simatic IPC647E Firmware | ||
Siemens Simatic IPC647E Firmware | ||
Siemens Simatic IPC677E Firmware | ||
Siemens Simatic IPC677E Firmware | ||
Siemens Simatic IPC847E Firmware | ||
Siemens Simatic IPC847E Firmware | ||
Siemens Simatic ITP1000 | ||
Siemens Simatic ITP1000 Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-33626 is a vulnerability that exists in the SMM (System Management Mode) branch, allowing an attacker to corrupt data in SMRAM memory and execute arbitrary code.
Insyde InsydeH2O versions 5.3 to 5.34.44, 5.2 to 5.25.44, 5.1 to 5.16.25, 5.4 to 5.42.44, 5.3 to 5.35.25, 5.2 to 5.26.25, 5.4 to 5.43.25, Siemens Ruggedcom Apr1808 Firmware
The severity of CVE-2021-33626 is high (7.8).
Apply the recommended security patches provided by the software vendors or follow the mitigation steps outlined in the advisories.
You can find more information about CVE-2021-33626 in the provided references: [1] [2] [3]