Details of VAR-202202-0037

ID

VAR-202202-0037

CVE

CVE-2021-33625

TITLE

InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM

Trust: 0.8

sources: CERT/CC: VU#796611

DESCRIPTION

An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count SMM Privilege Escalation 10 SMM Memory Corruption 12 DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.34

sources: NVD: CVE-2021-33625 // CERT/CC: VU#796611 // JVNDB: JVNDB-2022-001343

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic itp1000	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc377g	scope:	eq	version:	-	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	gte	version:	5.2	Trust: 1.0
vendor:	siemens	model:	simatic ipc647e	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic field pg m6	scope:	eq	version:	-	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	lt	version:	5.16.23	Trust: 1.0
vendor:	siemens	model:	simatic ipc477e	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	fas\/aff bios	scope:	eq	version:	-	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	gte	version:	5.4	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	lt	version:	5.51.22	Trust: 1.0
vendor:	siemens	model:	simatic ipc627e	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc847e	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic field pg m5	scope:	eq	version:	-	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	gte	version:	5.1	Trust: 1.0
vendor:	siemens	model:	simatic ipc677e	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc227g	scope:	eq	version:	-	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	gte	version:	5.3	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	lt	version:	5.35.23	Trust: 1.0
vendor:	siemens	model:	simatic ipc427e	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc327g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	ruggedcom ape1808	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc127e	scope:	eq	version:	-	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	lt	version:	5.26.23	Trust: 1.0
vendor:	siemens	model:	simatic ipc277g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc477e pro	scope:	eq	version:	-	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	gte	version:	5.5	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	lt	version:	5.43.22	Trust: 1.0
vendor:	insyde	model:	insydeh2o	scope:	-	version:	-	Trust: 0.8
vendor:	insyde	model:	insydeh2o	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-001343 // NVD: CVE-2021-33625

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-33625
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-202202-117
value:	HIGH
Trust: 0.6

NVD:
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2021-33625
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

NVD:
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33625
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-001343 // NVD: CVE-2021-33625 // CNNVD: CNNVD-202202-117

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-001343 // NVD: CVE-2021-33625

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-117

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-117

CONFIGURATIONS

sources: NVD: CVE-2021-33625

PATCH

title:	Insyde's Security Pledge Security Advisory	url:	https://www.insyde.com/security-pledge	Trust: 0.8
title:	Insyde InsydeH2O Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180211	Trust: 0.6

sources: JVNDB: JVNDB-2022-001343 // CNNVD: CNNVD-202202-117

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33625	Trust: 4.0
db:	SIEMENS	id:	SSA-306654	Trust: 1.6
db:	CERT/CC	id:	VU#796611	Trust: 0.8
db:	JVN	id:	JVNVU98748974	Trust: 0.8
db:	JVN	id:	JVNVU97136454	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-001343	Trust: 0.8
db:	CS-HELP	id:	SB2022020319	Trust: 0.6
db:	LENOVO	id:	LEN-73436	Trust: 0.6
db:	CNNVD	id:	CNNVD-202202-117	Trust: 0.6

sources: CERT/CC: VU#796611 // JVNDB: JVNDB-2022-001343 // NVD: CVE-2021-33625 // CNNVD: CNNVD-202202-117

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf	Trust: 1.6
url:	https://security.netapp.com/advisory/ntap-20220222-0004/	Trust: 1.6
url:	https://www.insyde.com/security-pledge	Trust: 1.6
url:	https://www.insyde.com/security-pledge/sa-2022014	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33625	Trust: 1.4
url:	cve-2020-27339	Trust: 0.8
url:	cve-2020-5953	Trust: 0.8
url:	cve-2021-33625	Trust: 0.8
url:	cve-2021-33626	Trust: 0.8
url:	cve-2021-33627	Trust: 0.8
url:	cve-2021-41837	Trust: 0.8
url:	cve-2021-41838	Trust: 0.8
url:	cve-2021-41839	Trust: 0.8
url:	cve-2021-41840	Trust: 0.8
url:	cve-2021-41841	Trust: 0.8
url:	cve-2021-42059	Trust: 0.8
url:	cve-2021-42060	Trust: 0.8
url:	cve-2021-42113	Trust: 0.8
url:	cve-2021-42554	Trust: 0.8
url:	cve-2021-43323	Trust: 0.8
url:	cve-2021-43522	Trust: 0.8
url:	cve-2021-43615	Trust: 0.8
url:	cve-2021-45969	Trust: 0.8
url:	cve-2021-45970	Trust: 0.8
url:	cve-2021-45971	Trust: 0.8
url:	cve-2022-24030	Trust: 0.8
url:	cve-2022-24031	Trust: 0.8
url:	cve-2022-24069	Trust: 0.8
url:	cve-2022-28806	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu97136454/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98748974/	Trust: 0.8
url:	https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022020319	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-73436	Trust: 0.6

sources: CERT/CC: VU#796611 // JVNDB: JVNDB-2022-001343 // NVD: CVE-2021-33625 // CNNVD: CNNVD-202202-117

CREDITS

This document was written by Vijay Sarvepalli.Statement Date: March 01, 2022

Trust: 0.8

sources: CERT/CC: VU#796611

SOURCES

db:	CERT/CC	id:	VU#796611
db:	JVNDB	id:	JVNDB-2022-001343
db:	NVD	id:	CVE-2021-33625
db:	CNNVD	id:	CNNVD-202202-117

LAST UPDATE DATE

2023-12-18T10:53:47.586000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#796611	date:	2022-04-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-001343	date:	2022-02-28T07:09:00
db:	NVD	id:	CVE-2021-33625	date:	2022-04-12T18:17:23.980
db:	CNNVD	id:	CNNVD-202202-117	date:	2022-03-03T00:00:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#796611	date:	2022-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-001343	date:	2022-02-17T00:00:00
db:	NVD	id:	CVE-2021-33625	date:	2022-02-03T02:15:06.930
db:	CNNVD	id:	CNNVD-202202-117	date:	2022-02-02T00:00:00