← Back

CVE-2021-33626

nvd nist
Published: Oct 1, 2021Modified: Nov 4, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

Affected (23)

Insyde
1 product
Insydeh2o
Siemens
16 products
Ruggedcom Apr1808 Firmware
Simatic Field Pg M5 Firmware
Simatic Field Pg M6 Firmware
Simatic Ipc127e Firmware
Simatic Ipc227g Firmware
Simatic Ipc277g Firmware
Simatic Ipc327g Firmware
Simatic Ipc377g Firmware
Simatic Ipc427e Firmware
Simatic Ipc477e Firmware
Simatic Ipc477e Pro Firmware
Simatic Ipc627e Firmware
Simatic Ipc647e Firmware
Simatic Ipc677e Firmware
Simatic Ipc847e Firmware
Simatic Itp1000 Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.3 to 5.34.44
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.2 to 5.25.44
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.1 to 5.16.25
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.4 to 5.42.44
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.3 to 5.35.25
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.2 to 5.26.25
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.4 to 5.43.25
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ruggedcom Apr1808 Firmware
All versions
Running on/withPlatform Versions
Siemens
Ruggedcom Apr1808
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Field Pg M5 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Field Pg M5
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Field Pg M6 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Field Pg M6
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc127e Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc127e
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc227g Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc227g
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc277g Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc277g
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc327g Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc327g
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc377g Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc377g
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc427e Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc427e
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc477e Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc477e
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc477e Pro Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc477e Pro
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc627e Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc627e
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc647e Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc647e
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc677e Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc677e
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Ipc847e Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Ipc847e
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Itp1000 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Itp1000
All versions

Related CWEs

CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

References (9)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.