← Back

Insyde

insyde

104 CVEs • 12 products

Products (12)

Click to collapse
Toggle
Insydeh2o
insydeh2o
66 CVEs
Kernel
kernel
33 CVEs
H2offt
h2offt
2 CVEs
Insyde Bios
insyde_bios
1 CVE
H2oelv
h2oelv
1 CVE
H2ooae
h2ooae
1 CVE
H2opcm
h2opcm
1 CVE
H2osde
h2osde
1 CVE
H2ouve
h2ouve
1 CVE
Insydeh2o Uefi Bios
insydeh2o_uefi_bios
1 CVE
Insydecrpkg
insydecrpkg
1 CVE
Iscflashx64.sys
iscflashx64.sys
1 CVE

CVEs (104)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-33626
2Insyde
Siemens
17Insydeh2o
Ruggedcom Apr1808 FirmwareSimatic Field Pg M5 Firmware+14 more
Nov 4, 2025
Oct 1, 2021
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an...Show more
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.Show less
CVE-2020-27339
2Insyde
Siemens
17Insydeh2o
Ruggedcom Apr1808 FirmwareSimatic Field Pg M5 Firmware+14 more
Nov 4, 2025
Jun 16, 2021
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for...Show more
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).Show less
CVE-2019-12532
1Insyde
6H2oelv
H2offtH2ooae+3 more
Nov 21, 2024
Aug 26, 2019
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firm...Show more
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.Show less
CVE-2005-4175
1Insyde
1Insyde Bios
Apr 16, 2026
Dec 11, 2005
N/A· v4
N/A· v3
2.1 LOW· v2
Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.