CVE-2021-42059

Published Feb 3, 2022
Last updated 3 years ago
CVSS medium 6.7
Overview

Description: An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-787
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A64DE17F-735B-490B-A4AD-8606684DDB5D",
            "versionEndExcluding": "5.08.41",
            "versionStartIncluding": "5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EE9D6D0-77EF-41CE-ACB2-A43B0543F9C7",
            "versionEndExcluding": "5.16.41",
            "versionStartIncluding": "5.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADDAD8E2-7468-4D96-8A9F-8C2BB0E8EACB",
            "versionEndExcluding": "5.26.41",
            "versionStartIncluding": "5.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AF0CD01-CD57-41D5-9827-437F0683E13B",
            "versionEndExcluding": "5.35.41",
            "versionStartIncluding": "5.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "612CCC25-B065-44F6-A531-E310A2A1B9A6",
            "versionEndExcluding": "5.42.20",
            "versionStartIncluding": "5.4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "506DEE00-30D2-4E29-9645-757EB8778C0F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "324ADC7E-AECD-4B7D-8571-5399542C2BF6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "480C5657-5C05-40F5-B76A-E67119727ED8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AEB5AD1-3973-4150-BEA2-C9DE0B98222F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0D1E85AC-1305-4C5E-AD8B-39B2654F6057"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3F52F29-0ACF-4ECC-927A-0CB27399E5D9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "320F5752-86B3-4C08-89D0-02272753A6D0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F203C449-2B5C-47A1-BF3D-8DCFD29F0B18"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EC7303D1-CC95-42C7-B843-C3B3B3336669"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A37FB5EC-BB64-472C-81FC-8EEF238E3C12"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45013BCA-3897-4D58-81FA-D8CB9D19268C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDD6F034-BC50-4223-AE5D-319F04C866A8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6422BF3-01B7-443B-BD2B-80E45D7C3F5F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A40D0CDB-7BE6-491F-B730-3B4E10CA159A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "696F47E6-C1CA-4A58-A91F-4B3EA92954AF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDF9D4C3-1892-48FA-95B4-835B636A4005"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F712060C-ECDB-4BC7-B9B9-468B41DE615B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D9AF082-8345-4BE1-B1FC-6E0316BB833B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D511C170-65E5-416D-B7CE-557A503F25AE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E430C4C5-D887-47C6-B50F-66EEE9519151"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "577C19F5-82ED-46DF-91CC-A074DE99EBDD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F9FA42D-B2F0-456F-89B7-6A5789787FBA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEF4592C-5DB3-45F4-B354-59701BBA0C08"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1157418C-14C4-43C4-B63E-7E98D868A94F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87F0538B-ED6E-40C7-9C2A-4C5DC3D2935E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "187C6D51-5B86-484D-AE0F-26D1C9465580"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
