7.2

CVE-2021-42059

EPSS 0.06%
Veröffentlicht 03.02.2022 02:15:07
Zuletzt bearbeitet 04.11.2025 20:16:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 19 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Insyde ≫ Insydeh2o Version >= 5.0 < 5.08.41

Insyde ≫ Insydeh2o Version >= 5.1 < 5.16.41

Insyde ≫ Insydeh2o Version >= 5.2 < 5.26.41

Insyde ≫ Insydeh2o Version >= 5.3 < 5.35.41

Insyde ≫ Insydeh2o Version >= 5.4 < 5.42.20

Siemens ≫ Simatic Field Pg M5 Firmware

Siemens ≫ Simatic Field Pg M5 Version-

Siemens ≫ Simatic Field Pg M6 Firmware

Siemens ≫ Simatic Field Pg M6 Version-

Siemens ≫ Simatic Ipc127e Firmware

Siemens ≫ Simatic Ipc127e Version-

Siemens ≫ Simatic Ipc227g Firmware

Siemens ≫ Simatic Ipc227g Version-

Siemens ≫ Simatic Ipc277g Firmware

Siemens ≫ Simatic Ipc277g Version-

Siemens ≫ Simatic Ipc327g Firmware

Siemens ≫ Simatic Ipc327g Version-

Siemens ≫ Simatic Ipc377g Firmware

Siemens ≫ Simatic Ipc377g Version-

Siemens ≫ Simatic Ipc427e Firmware

Siemens ≫ Simatic Ipc427e Version-

Siemens ≫ Simatic Ipc477e Firmware

Siemens ≫ Simatic Ipc477e Version-

Siemens ≫ Simatic Ipc627e Firmware

Siemens ≫ Simatic Ipc627e Version-

Siemens ≫ Simatic Ipc647e Firmware

Siemens ≫ Simatic Ipc647e Version-

Siemens ≫ Simatic Ipc677e Firmware

Siemens ≫ Simatic Ipc677e Version-

Siemens ≫ Simatic Ipc847e Firmware

Siemens ≫ Simatic Ipc847e Version-

Siemens ≫ Simatic Itp1000 Firmware

Siemens ≫ Simatic Itp1000 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.198

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

Third Party Advisory

https://www.insyde.com/security-pledge

Vendor Advisory

https://security.netapp.com/advisory/ntap-20220216-0008/

Third Party Advisory

https://www.insyde.com/security-pledge/SA-2022006

Vendor Advisory

https://www.kb.cert.org/vuls/id/796611

https://nvd.nist.gov/vuln/detail/CVE-2021-42059

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-42059

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-42059

EUVD