ID

VAR-202202-0007


CVE

CVE-2020-5953


TITLE

InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM

Trust: 0.8

sources: CERT/CC: VU#796611

DESCRIPTION

A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count SMM Privilege Escalation 10 SMM Memory Corruption 12 DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. InsydeH2O UEFI There is an unspecified vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.34

sources: NVD: CVE-2020-5953 // CERT/CC: VU#796611 // JVNDB: JVNDB-2022-001342

AFFECTED PRODUCTS

vendor:siemensmodel:simatic itp1000scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc377gscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc647escope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic field pg m6scope:eqversion: -

Trust: 1.0

vendor:insydemodel:insydeh2oscope:eqversion:5.34.03.0029

Trust: 1.0

vendor:siemensmodel:simatic ipc477escope:eqversion: -

Trust: 1.0

vendor:insydemodel:insydeh2oscope:eqversion:5.33.15.0034

Trust: 1.0

vendor:siemensmodel:simatic ipc627escope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc847escope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc677escope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic field pg m5scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc227gscope:eqversion: -

Trust: 1.0

vendor:insydemodel:insydeh2oscope:eqversion:5.23.04.0045

Trust: 1.0

vendor:siemensmodel:simatic ipc427escope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc327gscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:ruggedcom ape1808scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc127escope:eqversion: -

Trust: 1.0

vendor:insydemodel:insydeh2oscope:eqversion:5.42.03.0010

Trust: 1.0

vendor:siemensmodel:simatic ipc277gscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc477e proscope:eqversion: -

Trust: 1.0

vendor:insydemodel:insydeh2oscope:eqversion:5.23.45.0023

Trust: 1.0

vendor:insydemodel:insydeh2oscope:eqversion:5.12.09.0074

Trust: 1.0

vendor:insydemodel:insydeh2oscope: - version: -

Trust: 0.8

vendor:insydemodel:insydeh2oscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-001342 // NVD: CVE-2020-5953

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-5953
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202202-121
value: HIGH

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2020-5953
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-5953
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-001342 // NVD: CVE-2020-5953 // CNNVD: CNNVD-202202-121

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001342 // NVD: CVE-2020-5953

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-121

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-121

CONFIGURATIONS

sources: NVD: CVE-2020-5953

PATCH

title:INSYDE-SA-2022017url:https://www.insyde.com/products

Trust: 0.8

title:Insyde InsydeH2O Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180215

Trust: 0.6

sources: JVNDB: JVNDB-2022-001342 // CNNVD: CNNVD-202202-121

EXTERNAL IDS

db:NVDid:CVE-2020-5953

Trust: 4.0

db:SIEMENSid:SSA-306654

Trust: 1.6

db:CERT/CCid:VU#796611

Trust: 0.8

db:JVNid:JVNVU98748974

Trust: 0.8

db:JVNid:JVNVU97136454

Trust: 0.8

db:JVNDBid:JVNDB-2022-001342

Trust: 0.8

db:CS-HELPid:SB2022020305

Trust: 0.6

db:LENOVOid:LEN-73436

Trust: 0.6

db:CNNVDid:CNNVD-202202-121

Trust: 0.6

sources: CERT/CC: VU#796611 // JVNDB: JVNDB-2022-001342 // NVD: CVE-2020-5953 // CNNVD: CNNVD-202202-121

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20220222-0005/

Trust: 1.6

url:https://www.insyde.com/products

Trust: 1.6

url:https://www.insyde.com/security-pledge

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-5953

Trust: 1.4

url:cve-2020-27339

Trust: 0.8

url:cve-2020-5953

Trust: 0.8

url:cve-2021-33625

Trust: 0.8

url:cve-2021-33626

Trust: 0.8

url:cve-2021-33627

Trust: 0.8

url:cve-2021-41837

Trust: 0.8

url:cve-2021-41838

Trust: 0.8

url:cve-2021-41839

Trust: 0.8

url:cve-2021-41840

Trust: 0.8

url:cve-2021-41841

Trust: 0.8

url:cve-2021-42059

Trust: 0.8

url:cve-2021-42060

Trust: 0.8

url:cve-2021-42113

Trust: 0.8

url:cve-2021-42554

Trust: 0.8

url:cve-2021-43323

Trust: 0.8

url:cve-2021-43522

Trust: 0.8

url:cve-2021-43615

Trust: 0.8

url:cve-2021-45969

Trust: 0.8

url:cve-2021-45970

Trust: 0.8

url:cve-2021-45971

Trust: 0.8

url:cve-2022-24030

Trust: 0.8

url:cve-2022-24031

Trust: 0.8

url:cve-2022-24069

Trust: 0.8

url:cve-2022-28806

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97136454/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98748974/

Trust: 0.8

url:https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-73436

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022020305

Trust: 0.6

sources: CERT/CC: VU#796611 // JVNDB: JVNDB-2022-001342 // NVD: CVE-2020-5953 // CNNVD: CNNVD-202202-121

CREDITS

This document was written by Vijay Sarvepalli.Statement Date:   March 01, 2022

Trust: 0.8

sources: CERT/CC: VU#796611

SOURCES

db:CERT/CCid:VU#796611
db:JVNDBid:JVNDB-2022-001342
db:NVDid:CVE-2020-5953
db:CNNVDid:CNNVD-202202-121

LAST UPDATE DATE

2023-12-18T10:51:42.667000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#796611date:2022-04-26T00:00:00
db:JVNDBid:JVNDB-2022-001342date:2022-02-28T07:09:00
db:NVDid:CVE-2020-5953date:2022-04-12T18:17:18.710
db:CNNVDid:CNNVD-202202-121date:2022-03-10T00:00:00

SOURCES RELEASE DATE

db:CERT/CCid:VU#796611date:2022-02-01T00:00:00
db:JVNDBid:JVNDB-2022-001342date:2022-02-17T00:00:00
db:NVDid:CVE-2020-5953date:2022-02-03T01:15:07.647
db:CNNVDid:CNNVD-202202-121date:2022-02-02T00:00:00