CVE-2020-27339

Published Jun 16, 2021
Last updated 2 years ago
CVSS medium 6.7
Overview

Description: In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-20
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A8D4515-2E1D-4C69-B561-6F42B54FFD74",
            "versionEndExcluding": "5.34.44",
            "versionStartIncluding": "5.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38BBAD45-A06D-41D6-A1CC-5AD560E9DCB8",
            "versionEndExcluding": "5.25.44",
            "versionStartIncluding": "5.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "816E66FC-0597-4442-9257-69B97D27D815",
            "versionEndExcluding": "5.16.25",
            "versionStartIncluding": "5.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A889306B-C22C-4F29-BDBC-08B86252A584",
            "versionEndExcluding": "5.42.44",
            "versionStartIncluding": "5.4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C47A7464-4682-474D-B094-CB6F2BD3B6B4",
            "versionEndExcluding": "5.35.25",
            "versionStartIncluding": "5.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AECE476-8649-4928-9702-9E9737E1A764",
            "versionEndExcluding": "5.26.25",
            "versionStartIncluding": "5.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C8173E6-4FED-481D-BF5E-3CABDF13CA61",
            "versionEndExcluding": "5.43.25",
            "versionStartIncluding": "5.4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:ruggedcom_apr1808_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E08DFAD2-130C-4B75-B7EF-602C4B3324F0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:ruggedcom_apr1808:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BD56E8B2-232B-4E1C-BB3F-41B0C1E31D7B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75AE72A3-05C6-4564-81CC-67865D03D106"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "506DEE00-30D2-4E29-9645-757EB8778C0F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECC5341D-9982-4F18-9C8D-2912DDB8EF9A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "846EE524-BC53-4DE5-81C5-6B5EB2DD8BEA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ED11E5B-E60C-4359-B87C-E373DED77677"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0D1E85AC-1305-4C5E-AD8B-39B2654F6057"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1865061F-CF02-410B-B01B-2088F7104867"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "320F5752-86B3-4C08-89D0-02272753A6D0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68215EEF-243A-4B02-BEAB-C162A3564D60"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EC7303D1-CC95-42C7-B843-C3B3B3336669"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62751FE8-48D7-4D7B-A7DD-4977DE539660"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDD6F034-BC50-4223-AE5D-319F04C866A8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EC3A82C-1380-4B21-BB17-3760A0B6A027"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A40D0CDB-7BE6-491F-B730-3B4E10CA159A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2558478-44E0-4D42-A6DC-D4262D15A92A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDF9D4C3-1892-48FA-95B4-835B636A4005"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AD30972-8CE2-46B4-A4B8-B209F6B616AC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3FC5CE20-7D08-4496-A857-C3A4BD0AB1AC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFFA7953-DC4C-489A-B5A4-B832FAF3C143"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D9AF082-8345-4BE1-B1FC-6E0316BB833B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AC414E9-5DBD-4D60-B0EA-6FB48207B628"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E430C4C5-D887-47C6-B50F-66EEE9519151"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "193BF353-5D85-4F2E-94D0-329ED823FF07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F9FA42D-B2F0-456F-89B7-6A5789787FBA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8CE311F-98F9-4E58-9E52-BAFAF87C0819"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1157418C-14C4-43C4-B63E-7E98D868A94F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64538703-AE66-4D4A-B4A1-C88039B9543D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "187C6D51-5B86-484D-AE0F-26D1C9465580"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
