Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde insydeh2o vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-34195
An issue exists in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This var...
Insyde Insydeh2o
7.8
CVSSv3
CVE-2023-22616
An issue exists in Insyde InsydeH2O with kernel 5.2 up to and including 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.
Insyde Insydeh2o
7.8
CVSSv3
CVE-2022-35407
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable ex...
Insyde Kernel
7.8
CVSSv3
CVE-2022-34325
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurit...
Insyde Insydeh2o
7.8
CVSSv3
CVE-2021-33626
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an malicious user to corrupt data in SMRAM memory and even lead...
Insyde Insydeh2o
Siemens Ruggedcom Apr1808 Firmware -
Siemens Simatic Field Pg M5 Firmware -
Siemens Simatic Field Pg M6 Firmware -
Siemens Simatic Ipc127e Firmware -
Siemens Simatic Ipc227g Firmware -
Siemens Simatic Ipc277g Firmware -
Siemens Simatic Ipc327g Firmware -
Siemens Simatic Ipc377g Firmware -
Siemens Simatic Ipc427e Firmware -
Siemens Simatic Ipc477e Firmware -
Siemens Simatic Ipc477e Pro Firmware -
Siemens Simatic Ipc627e Firmware -
Siemens Simatic Ipc647e Firmware -
Siemens Simatic Ipc677e Firmware -
Siemens Simatic Ipc847e Firmware -
Siemens Simatic Itp1000 Firmware -
7.5
CVSSv3
CVE-2023-31041
An issue exists in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
7.5
CVSSv3
CVE-2021-33625
An issue exists in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel address...
Insyde Insydeh2o
Netapp Fas\\/aff Bios -
Siemens Ruggedcom Ape1808 Firmware -
Siemens Simatic Field Pg M5 Firmware -
Siemens Simatic Ipc127e Firmware -
Siemens Simatic Itp1000 Firmware -
Siemens Simatic Ipc277g Firmware -
Siemens Simatic Ipc227g Firmware -
Siemens Simatic Ipc327g Firmware -
Siemens Simatic Ipc377g Firmware -
Siemens Simatic Ipc427e Firmware -
Siemens Simatic Ipc477e Firmware -
Siemens Simatic Ipc477e Pro Firmware -
Siemens Simatic Ipc627e Firmware -
Siemens Simatic Ipc647e Firmware -
Siemens Simatic Ipc677e Firmware -
Siemens Simatic Ipc847e Firmware -
Siemens Simatic Field Pg M6 Firmware -
7.5
CVSSv3
CVE-2022-24030
An issue exists in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 up to and including 5.5. An SMM memory corruption vulnerability allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Insyde Insydeh2o
7.5
CVSSv3
CVE-2020-5953
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution ...
Insyde Insydeh2o 5.12.09.0074
Insyde Insydeh2o 5.23.04.0045
Insyde Insydeh2o 5.23.45.0023
Insyde Insydeh2o 5.33.15.0034
Insyde Insydeh2o 5.34.03.0029
Insyde Insydeh2o 5.42.03.0010
Siemens Ruggedcom Ape1808 Firmware -
Siemens Simatic Field Pg M6 Firmware -
Siemens Simatic Ipc127e Firmware -
Siemens Simatic Ipc227g Firmware -
Siemens Simatic Ipc277g Firmware -
Siemens Simatic Itp1000 Firmware -
Siemens Simatic Ipc477e Pro Firmware -
Siemens Simatic Ipc627e Firmware -
Siemens Simatic Ipc647e Firmware -
Siemens Simatic Ipc677e Firmware -
Siemens Simatic Ipc847e Firmware -
Siemens Simatic Ipc327g Firmware -
Siemens Simatic Ipc377g Firmware -
Siemens Simatic Ipc427e Firmware -
Siemens Simatic Ipc477e Firmware -
Siemens Simatic Field Pg M5 Firmware -
7.5
CVSSv3
CVE-2021-43522
An issue exists in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue ...
Insyde Insydeh2o
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »