CVE-2021-41838

Published Feb 3, 2022
Last updated 3 years ago
CVSS high 8.2
Overview

Description: An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.2
Impact score: 6
Exploitability score: 1.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-119
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4803E0A-D93A-4863-B9F6-378C3D73F743",
            "versionEndExcluding": "5.16.42",
            "versionStartIncluding": "5.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65D09B40-7B64-4890-AEA5-AE1EB5201CA1",
            "versionEndExcluding": "5.26.42",
            "versionStartIncluding": "5.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E38FAADD-CEC5-421F-BBD7-1152B95B2A10",
            "versionEndExcluding": "5.35.42",
            "versionStartIncluding": "5.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18B07541-9DA8-41A0-9D69-861C159AB6AA",
            "versionEndExcluding": "5.43.42",
            "versionStartIncluding": "5.4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F835C39-35FE-45F8-9314-C7E072F3627D",
            "versionEndExcluding": "5.51.42",
            "versionStartIncluding": "5.5"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "324ADC7E-AECD-4B7D-8571-5399542C2BF6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "506DEE00-30D2-4E29-9645-757EB8778C0F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "480C5657-5C05-40F5-B76A-E67119727ED8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AEB5AD1-3973-4150-BEA2-C9DE0B98222F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3F52F29-0ACF-4ECC-927A-0CB27399E5D9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0D1E85AC-1305-4C5E-AD8B-39B2654F6057"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F203C449-2B5C-47A1-BF3D-8DCFD29F0B18"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "320F5752-86B3-4C08-89D0-02272753A6D0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A37FB5EC-BB64-472C-81FC-8EEF238E3C12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EC7303D1-CC95-42C7-B843-C3B3B3336669"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45013BCA-3897-4D58-81FA-D8CB9D19268C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDD6F034-BC50-4223-AE5D-319F04C866A8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6422BF3-01B7-443B-BD2B-80E45D7C3F5F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A40D0CDB-7BE6-491F-B730-3B4E10CA159A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "696F47E6-C1CA-4A58-A91F-4B3EA92954AF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDF9D4C3-1892-48FA-95B4-835B636A4005"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F712060C-ECDB-4BC7-B9B9-468B41DE615B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D9AF082-8345-4BE1-B1FC-6E0316BB833B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D511C170-65E5-416D-B7CE-557A503F25AE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E430C4C5-D887-47C6-B50F-66EEE9519151"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "577C19F5-82ED-46DF-91CC-A074DE99EBDD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F9FA42D-B2F0-456F-89B7-6A5789787FBA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEF4592C-5DB3-45F4-B354-59701BBA0C08"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1157418C-14C4-43C4-B63E-7E98D868A94F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87F0538B-ED6E-40C7-9C2A-4C5DC3D2935E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "187C6D51-5B86-484D-AE0F-26D1C9465580"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
