Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde insydeh2o vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2023-25600
An issue exists in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.
Insyde Insydecrpkg
6.5
CVSSv3
CVE-2023-28468
An issue exists in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an malicious user to interact with the SPI flash at run-time from the OS.
Insyde Kernel
7.8
CVSSv3
CVE-2021-33626
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an malicious user to corrupt data in SMRAM memory and even lead...
Insyde Insydeh2o
Siemens Ruggedcom Apr1808 Firmware -
Siemens Simatic Field Pg M5 Firmware -
Siemens Simatic Field Pg M6 Firmware -
Siemens Simatic Ipc127e Firmware -
Siemens Simatic Ipc227g Firmware -
Siemens Simatic Ipc277g Firmware -
Siemens Simatic Ipc327g Firmware -
Siemens Simatic Ipc377g Firmware -
Siemens Simatic Ipc427e Firmware -
Siemens Simatic Ipc477e Firmware -
Siemens Simatic Ipc477e Pro Firmware -
Siemens Simatic Ipc627e Firmware -
Siemens Simatic Ipc647e Firmware -
Siemens Simatic Ipc677e Firmware -
Siemens Simatic Ipc847e Firmware -
Siemens Simatic Itp1000 Firmware -
6.7
CVSSv3
CVE-2020-27339
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdH...
Insyde Insydeh2o
Siemens Ruggedcom Apr1808 Firmware -
Siemens Simatic Field Pg M5 Firmware -
Siemens Simatic Field Pg M6 Firmware -
Siemens Simatic Ipc127e Firmware -
Siemens Simatic Ipc227g Firmware -
Siemens Simatic Ipc277g Firmware -
Siemens Simatic Ipc327g Firmware -
Siemens Simatic Ipc377g Firmware -
Siemens Simatic Ipc427e Firmware -
Siemens Simatic Ipc477e Firmware -
Siemens Simatic Ipc477e Pro Firmware -
Siemens Simatic Ipc627e Firmware -
Siemens Simatic Ipc647e Firmware -
Siemens Simatic Ipc677e Firmware -
Siemens Simatic Ipc847e Firmware -
Siemens Simatic Itp1000 Firmware -
8.2
CVSSv3
CVE-2022-36337
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
Insyde Kernel
6.8
CVSSv3
CVE-2022-35897
An stack buffer overflow vulnerability leads to arbitrary code execution issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific va...
Insyde Kernel
7.5
CVSSv3
CVE-2021-33625
An issue exists in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel address...
Insyde Insydeh2o
Netapp Fas\\/aff Bios -
Siemens Ruggedcom Ape1808 Firmware -
Siemens Simatic Field Pg M5 Firmware -
Siemens Simatic Ipc127e Firmware -
Siemens Simatic Itp1000 Firmware -
Siemens Simatic Ipc277g Firmware -
Siemens Simatic Ipc227g Firmware -
Siemens Simatic Ipc327g Firmware -
Siemens Simatic Ipc377g Firmware -
Siemens Simatic Ipc427e Firmware -
Siemens Simatic Ipc477e Firmware -
Siemens Simatic Ipc477e Pro Firmware -
Siemens Simatic Ipc627e Firmware -
Siemens Simatic Ipc647e Firmware -
Siemens Simatic Ipc677e Firmware -
Siemens Simatic Ipc847e Firmware -
Siemens Simatic Field Pg M6 Firmware -
6.4
CVSSv3
CVE-2022-32266
DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI hand...
Insyde Kernel
NA
CVE-2022-46897
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions.
NA
CVE-2024-25079
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 prior to 05.29.09, kernel 5.3 prior to 05.38.09, kernel 5.4 prior to 05.46.09, kernel 5.5 prior to 05.54.09, and kernel 5.6 prior to 05.61.09 could lead to escalating privileges in SMM.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »