What is CVE-2021-33626?

CVE-2021-33626 is a vulnerability that exists in the SMM (System Management Mode) branch, allowing an attacker to corrupt data in SMRAM memory and execute arbitrary code.

Which software is affected by CVE-2021-33626?

Insyde InsydeH2O versions 5.3 to 5.34.44, 5.2 to 5.25.44, 5.1 to 5.16.25, 5.4 to 5.42.44, 5.3 to 5.35.25, 5.2 to 5.26.25, 5.4 to 5.43.25, Siemens Ruggedcom Apr1808 Firmware

What is the severity of CVE-2021-33626?

The severity of CVE-2021-33626 is high (7.8).

How can I fix CVE-2021-33626?

Apply the recommended security patches provided by the software vendors or follow the mitigation steps outlined in the advisories.

Where can I find more information about CVE-2021-33626?

You can find more information about CVE-2021-33626 in the provided references: [1] [2] [3]

Vulnerability/
CVE-2021-33626

high

7.8

CWE

829

1/10/2021

3/8/2024

CVE-2021-33626

First published: Fri Oct 01 2021(Updated: )

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Insyde InsydeH2O	>=5.3<5.34.44
Insyde InsydeH2O	>=5.2<5.25.44
Insyde InsydeH2O	>=5.1<5.16.25
Insyde InsydeH2O	>=5.4<5.42.44
Insyde InsydeH2O	>=5.3<5.35.25
Insyde InsydeH2O	>=5.2<5.26.25
Insyde InsydeH2O	>=5.4<5.43.25
Siemens Ruggedcom Apr1808 Firmware
Siemens Ruggedcom Apr1808
Siemens Simatic Field Pg M5 Firmware
Siemens Simatic Field Pg M5
Siemens Simatic Field Pg M6 Firmware
Siemens Simatic Field Pg M6
Siemens Simatic Ipc127e Firmware
Siemens Simatic Ipc127e
Siemens Simatic Ipc227g Firmware
Siemens Simatic Ipc227g
Siemens Simatic Ipc277g Firmware
Siemens Simatic Ipc277g
Siemens Simatic Ipc327g Firmware
Siemens Simatic Ipc327g
Siemens Simatic Ipc377g Firmware
Siemens Simatic Ipc377g
Siemens Simatic Ipc427e Firmware
Siemens Simatic Ipc427e
Siemens Simatic Ipc477e Firmware
Siemens Simatic Ipc477e
Siemens Simatic Ipc477e Pro Firmware
Siemens Simatic Ipc477e Pro
Siemens Simatic Ipc627e Firmware
Siemens Simatic Ipc627e
Siemens Simatic Ipc647e Firmware
Siemens Simatic Ipc647e
Siemens Simatic Ipc677e Firmware
Siemens Simatic Ipc677e
Siemens Simatic Ipc847e Firmware
Siemens Simatic Ipc847e
Siemens Simatic Itp1000 Firmware
Siemens Simatic Itp1000

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-33626?
CVE-2021-33626 is a vulnerability that exists in the SMM (System Management Mode) branch, allowing an attacker to corrupt data in SMRAM memory and execute arbitrary code.
Which software is affected by CVE-2021-33626?
Insyde InsydeH2O versions 5.3 to 5.34.44, 5.2 to 5.25.44, 5.1 to 5.16.25, 5.4 to 5.42.44, 5.3 to 5.35.25, 5.2 to 5.26.25, 5.4 to 5.43.25, Siemens Ruggedcom Apr1808 Firmware
What is the severity of CVE-2021-33626?
The severity of CVE-2021-33626 is high (7.8).
How can I fix CVE-2021-33626?
Apply the recommended security patches provided by the software vendors or follow the mitigation steps outlined in the advisories.
Where can I find more information about CVE-2021-33626?
You can find more information about CVE-2021-33626 in the provided references: [1] [2] [3]

collector/nvd-index
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/weakness
agent/softwarecombine
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/tags
vendor/insyde
canonical/insyde insydeh2o
version/insyde insydeh2o/5.3
version/insyde insydeh2o/5.2
version/insyde insydeh2o/5.1
version/insyde insydeh2o/5.4
vendor/siemens
canonical/siemens ruggedcom apr1808 firmware
canonical/siemens ruggedcom apr1808
canonical/siemens simatic field pg m5 firmware
canonical/siemens simatic field pg m5
canonical/siemens simatic field pg m6 firmware
canonical/siemens simatic field pg m6
canonical/siemens simatic ipc127e firmware
canonical/siemens simatic ipc127e
canonical/siemens simatic ipc227g firmware
canonical/siemens simatic ipc227g
canonical/siemens simatic ipc277g firmware
canonical/siemens simatic ipc277g
canonical/siemens simatic ipc327g firmware
canonical/siemens simatic ipc327g
canonical/siemens simatic ipc377g firmware
canonical/siemens simatic ipc377g
canonical/siemens simatic ipc427e firmware
canonical/siemens simatic ipc427e
canonical/siemens simatic ipc477e firmware
canonical/siemens simatic ipc477e
canonical/siemens simatic ipc477e pro firmware
canonical/siemens simatic ipc477e pro
canonical/siemens simatic ipc627e firmware
canonical/siemens simatic ipc627e
canonical/siemens simatic ipc647e firmware
canonical/siemens simatic ipc647e
canonical/siemens simatic ipc677e firmware
canonical/siemens simatic ipc677e
canonical/siemens simatic ipc847e firmware
canonical/siemens simatic ipc847e
canonical/siemens simatic itp1000 firmware
canonical/siemens simatic itp1000