CVE-2020-5953

A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
insydeinsydeh2o
5.12.09.0074
insydeinsydeh2o
5.23.04.0045
insydeinsydeh2o
5.23.45.0023
insydeinsydeh2o
5.33.15.0034
insydeinsydeh2o
5.34.03.0029
insydeinsydeh2o
5.42.03.0010
siemensruggedcom_ape1808_firmware
-
siemenssimatic_field_pg_m6_firmware
-
siemenssimatic_ipc127e_firmware
-
siemenssimatic_ipc227g_firmware
-
siemenssimatic_ipc277g_firmware
-
siemenssimatic_itp1000_firmware
-
siemenssimatic_ipc477e_pro_firmware
-
siemenssimatic_ipc627e_firmware
-
siemenssimatic_ipc647e_firmware
-
siemenssimatic_ipc677e_firmware
-
siemenssimatic_ipc847e_firmware
-
siemenssimatic_ipc327g_firmware
-
siemenssimatic_ipc377g_firmware
-
siemenssimatic_ipc427e_firmware
-
siemenssimatic_ipc477e_firmware
-
siemenssimatic_field_pg_m5_firmware
-
𝑥
= Vulnerable software versions
References
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
https://security.netapp.com/advisory/ntap-20220222-0005/
https://www.insyde.com/products
https://www.insyde.com/security-pledge
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
https://security.netapp.com/advisory/ntap-20220222-0005/
https://www.insyde.com/products
https://www.insyde.com/security-pledge