CVE-2020-5953

Published Feb 3, 2022
Last updated 3 years ago
CVSS high 7.5
Overview

Description: A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 6
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:5.12.09.0074:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1506F007-8D5A-4F89-9C20-39C956E5E330"
          },
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:5.23.04.0045:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D71B9DC-9A25-4395-9369-E746B0BCFAD5"
          },
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:5.23.45.0023:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB7F094E-CE8C-44EB-AA8F-04FE034C0D02"
          },
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:5.33.15.0034:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F636FC4-E44B-49ED-96E4-BF7187F3344C"
          },
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:5.34.03.0029:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D24FF36C-7E38-4EAA-80B2-299AF22619FF"
          },
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:5.42.03.0010:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8822BCEE-BFF7-4691-A0F0-C2CB04BE2354"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B89A6863-B602-4404-8D26-337FECABFFF0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37FDCA69-9049-40B4-88AF-F476901022B6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECC5341D-9982-4F18-9C8D-2912DDB8EF9A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "846EE524-BC53-4DE5-81C5-6B5EB2DD8BEA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0D1E85AC-1305-4C5E-AD8B-39B2654F6057"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc227g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ED11E5B-E60C-4359-B87C-E373DED77677"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "320F5752-86B3-4C08-89D0-02272753A6D0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc277g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1865061F-CF02-410B-B01B-2088F7104867"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "187C6D51-5B86-484D-AE0F-26D1C9465580"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64538703-AE66-4D4A-B4A1-C88039B9543D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3FC5CE20-7D08-4496-A857-C3A4BD0AB1AC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AD30972-8CE2-46B4-A4B8-B209F6B616AC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D9AF082-8345-4BE1-B1FC-6E0316BB833B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc627e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFFA7953-DC4C-489A-B5A4-B832FAF3C143"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc647e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AC414E9-5DBD-4D60-B0EA-6FB48207B628"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E430C4C5-D887-47C6-B50F-66EEE9519151"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc677e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "193BF353-5D85-4F2E-94D0-329ED823FF07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F9FA42D-B2F0-456F-89B7-6A5789787FBA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc847e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8CE311F-98F9-4E58-9E52-BAFAF87C0819"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1157418C-14C4-43C4-B63E-7E98D868A94F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc327g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68215EEF-243A-4B02-BEAB-C162A3564D60"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EC7303D1-CC95-42C7-B843-C3B3B3336669"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc377g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62751FE8-48D7-4D7B-A7DD-4977DE539660"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDD6F034-BC50-4223-AE5D-319F04C866A8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EC3A82C-1380-4B21-BB17-3760A0B6A027"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A40D0CDB-7BE6-491F-B730-3B4E10CA159A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2558478-44E0-4D42-A6DC-D4262D15A92A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDF9D4C3-1892-48FA-95B4-835B636A4005"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75AE72A3-05C6-4564-81CC-67865D03D106"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "506DEE00-30D2-4E29-9645-757EB8778C0F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
