Sign-up

ID

VAR-202202-0147


CVE

CVE-2021-42554


TITLE

InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM

Trust: 0.8

sources: CERT/CC: VU#796611

DESCRIPTION

An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count SMM Privilege Escalation 10 SMM Memory Corruption 12 DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Kernel Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.34

sources: NVD: CVE-2021-42554 // CERT/CC: VU#796611 // JVNDB: JVNDB-2022-001353

AFFECTED PRODUCTS

vendor:siemensmodel:simatic ipc477escope:eqversion:*

Trust: 1.0

vendor:insydemodel:insydeh2oscope:gteversion:5.2

Trust: 1.0

vendor:siemensmodel:simatic field pg m5scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc627escope:eqversion:*

Trust: 1.0

vendor:insydemodel:insydeh2oscope:gteversion:5.0

Trust: 1.0

vendor:siemensmodel:simatic ipc677escope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc847escope:eqversion:*

Trust: 1.0

vendor:insydemodel:insydeh2oscope:gteversion:5.4

Trust: 1.0

vendor:siemensmodel:simatic ipc427escope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc227gscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc327gscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:ruggedcom ape1808scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc127escope:eqversion:*

Trust: 1.0

vendor:insydemodel:insydeh2oscope:gteversion:5.1

Trust: 1.0

vendor:insydemodel:insydeh2oscope:gteversion:5.3

Trust: 1.0

vendor:insydemodel:insydeh2oscope:ltversion:5.08.42

Trust: 1.0

vendor:insydemodel:insydeh2oscope:ltversion:5.35.42

Trust: 1.0

vendor:siemensmodel:simatic ipc277gscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic field pg m6scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc377gscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic itp1000scope:eqversion:*

Trust: 1.0

vendor:insydemodel:insydeh2oscope:ltversion:5.26.42

Trust: 1.0

vendor:insydemodel:insydeh2oscope:ltversion:5.16.42

Trust: 1.0

vendor:siemensmodel:simatic ipc647escope:eqversion:*

Trust: 1.0

vendor:insydemodel:insydeh2oscope:ltversion:5.50.51

Trust: 1.0

vendor:insydemodel:insydeh2oscope:ltversion:5.42.51

Trust: 1.0

vendor:insydemodel:insydeh2oscope:gteversion:5.5

Trust: 1.0

vendor:insydemodel:insydeh2oscope: - version: -

Trust: 0.8

vendor:insydemodel:insydeh2oscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-001353 // NVD: CVE-2021-42554

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-42554
value: HIGH

Trust: 1.0

NVD: CVE-2021-42554
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202202-107
value: HIGH

Trust: 0.6

NVD:
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-42554
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-42554
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-001353 // NVD: CVE-2021-42554 // CNNVD: CNNVD-202202-107

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001353 // NVD: CVE-2021-42554

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-107

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-107

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-42554

PATCH
title:Insyde's Security Pledge Security Advisoryurl:https://www.insyde.com/security-pledge
Trust: 0.8
title:Insyde InsydeH2O Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185270
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-001353 // 
            
            
            
            CNNVD: CNNVD-202202-107

EXTERNAL IDS
db:NVDid:CVE-2021-42554
Trust: 4.0
db:SIEMENSid:SSA-306654
Trust: 1.6
db:CERT/CCid:VU#796611
Trust: 0.8
db:JVNid:JVNVU98748974
Trust: 0.8
db:JVNid:JVNVU97136454
Trust: 0.8
db:JVNDBid:JVNDB-2022-001353
Trust: 0.8
db:CS-HELPid:SB2022020318
Trust: 0.6
db:LENOVOid:LEN-73436
Trust: 0.6
db:CNNVDid:CNNVD-202202-107
Trust: 0.6
sources:
            
            
            CERT/CC: VU#796611 // 
            
            
            
            JVNDB: JVNDB-2022-001353 // 
            
            
            
            NVD: CVE-2021-42554 // 
            
            
            
            CNNVD: CNNVD-202202-107

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
Trust: 1.6
url:https://security.netapp.com/advisory/ntap-20220216-0007/
Trust: 1.6
url:https://www.insyde.com/security-pledge
Trust: 1.6
url:https://www.insyde.com/security-pledge/sa-2022012
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2021-42554
Trust: 1.4
url:cve-2020-27339  
Trust: 0.8
url:cve-2020-5953  
Trust: 0.8
url:cve-2021-33625  
Trust: 0.8
url:cve-2021-33626  
Trust: 0.8
url:cve-2021-33627  
Trust: 0.8
url:cve-2021-41837  
Trust: 0.8
url:cve-2021-41838  
Trust: 0.8
url:cve-2021-41839  
Trust: 0.8
url:cve-2021-41840  
Trust: 0.8
url:cve-2021-41841  
Trust: 0.8
url:cve-2021-42059  
Trust: 0.8
url:cve-2021-42060  
Trust: 0.8
url:cve-2021-42113  
Trust: 0.8
url:cve-2021-42554  
Trust: 0.8
url:cve-2021-43323  
Trust: 0.8
url:cve-2021-43522  
Trust: 0.8
url:cve-2021-43615  
Trust: 0.8
url:cve-2021-45969  
Trust: 0.8
url:cve-2021-45970  
Trust: 0.8
url:cve-2021-45971  
Trust: 0.8
url:cve-2022-24030  
Trust: 0.8
url:cve-2022-24031  
Trust: 0.8
url:cve-2022-24069  
Trust: 0.8
url:cve-2022-28806  
Trust: 0.8
url:https://jvn.jp/vu/jvnvu97136454/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98748974/
Trust: 0.8
url:https://vigilance.fr/vulnerability/independent-bios-developers-multiple-vulnerabilities-via-uefi-37438
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2022020318
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-73436
Trust: 0.6
sources:
            
            
            CERT/CC: VU#796611 // 
            
            
            
            JVNDB: JVNDB-2022-001353 // 
            
            
            
            NVD: CVE-2021-42554 // 
            
            
            
            CNNVD: CNNVD-202202-107

CREDITS
This document was written by Vijay Sarvepalli.Statement Date:   March 01, 2022
Trust: 0.8
sources:
            
            
            CERT/CC: VU#796611

SOURCES
db:CERT/CCid:VU#796611
db:JVNDBid:JVNDB-2022-001353
db:NVDid:CVE-2021-42554
db:CNNVDid:CNNVD-202202-107

LAST UPDATE DATE
2023-12-18T11:07:31.315000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#796611date:2022-04-26T00:00:00
db:JVNDBid:JVNDB-2022-001353date:2022-02-28T07:08:00
db:NVDid:CVE-2021-42554date:2022-03-08T20:18:59.047
db:CNNVDid:CNNVD-202202-107date:2022-03-09T00:00:00

SOURCES RELEASE DATE
db:CERT/CCid:VU#796611date:2022-02-01T00:00:00
db:JVNDBid:JVNDB-2022-001353date:2022-02-17T00:00:00
db:NVDid:CVE-2021-42554date:2022-02-03T02:15:07.380
db:CNNVDid:CNNVD-202202-107date:2022-02-02T00:00:00