Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde insydeh2o vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2022-32955
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitig...
Insyde Insydeh2o
7
CVSSv3
CVE-2022-32474
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This ...
Insyde Insydeh2o
7
CVSSv3
CVE-2022-32471
An issue exists in IhisiSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are u...
Insyde Insydeh2o
7
CVSSv3
CVE-2022-32478
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mi...
Insyde Insydeh2o
6.8
CVSSv3
CVE-2022-35897
An stack buffer overflow vulnerability leads to arbitrary code execution issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific va...
Insyde Kernel
6.7
CVSSv3
CVE-2021-42059
An issue exists in Insyde InsydeH2O Kernel 5.0 prior to 05.08.41, Kernel 5.1 prior to 05.16.41, Kernel 5.2 prior to 05.26.41, Kernel 5.3 prior to 05.35.41, and Kernel 5.4 prior to 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE ...
Insyde Insydeh2o
Siemens Simatic Field Pg M5 Firmware
Siemens Simatic Field Pg M6 Firmware
Siemens Simatic Ipc127e Firmware
Siemens Simatic Ipc227g Firmware
Siemens Simatic Ipc277g Firmware
Siemens Simatic Ipc327g Firmware
Siemens Simatic Ipc377g Firmware
Siemens Simatic Ipc427e Firmware
Siemens Simatic Ipc477e Firmware
Siemens Simatic Ipc627e Firmware
Siemens Simatic Ipc647e Firmware
Siemens Simatic Ipc677e Firmware
Siemens Simatic Ipc847e Firmware
Siemens Simatic Itp1000 Firmware
6.7
CVSSv3
CVE-2020-27339
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdH...
Insyde Insydeh2o
Siemens Ruggedcom Apr1808 Firmware -
Siemens Simatic Field Pg M5 Firmware -
Siemens Simatic Field Pg M6 Firmware -
Siemens Simatic Ipc127e Firmware -
Siemens Simatic Ipc227g Firmware -
Siemens Simatic Ipc277g Firmware -
Siemens Simatic Ipc327g Firmware -
Siemens Simatic Ipc377g Firmware -
Siemens Simatic Ipc427e Firmware -
Siemens Simatic Ipc477e Firmware -
Siemens Simatic Ipc477e Pro Firmware -
Siemens Simatic Ipc627e Firmware -
Siemens Simatic Ipc647e Firmware -
Siemens Simatic Ipc677e Firmware -
Siemens Simatic Ipc847e Firmware -
Siemens Simatic Itp1000 Firmware -
6.5
CVSSv3
CVE-2023-28468
An issue exists in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an malicious user to interact with the SPI flash at run-time from the OS.
Insyde Kernel
6.4
CVSSv3
CVE-2022-32266
DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI hand...
Insyde Kernel
6
CVSSv3
CVE-2022-35894
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.
Insyde Insydeh2o
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »