Siemens

Simatic Ipc477e Pro Firmware

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-33625

  • EPSS 0.07%
  • Veröffentlicht 03.02.2022 02:15:06
  • Zuletzt bearbeitet 21.11.2024 06:09:13

An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows us...

7.5

CVE-2020-5953

  • EPSS 0.29%
  • Veröffentlicht 03.02.2022 01:15:07
  • Zuletzt bearbeitet 21.11.2024 05:34:53

A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This...

7.8

CVE-2021-33626

  • EPSS 0.08%
  • Veröffentlicht 01.10.2021 03:15:06
  • Zuletzt bearbeitet 21.11.2024 06:09:13

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SM...

7.2

CVE-2020-27339

  • EPSS 0.05%
  • Veröffentlicht 16.06.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 05:21:01

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe,...

6.4

CVE-2020-8670

  • EPSS 0.05%
  • Veröffentlicht 09.06.2021 19:15:09
  • Zuletzt bearbeitet 21.11.2024 05:39:13

Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

6.7

CVE-2020-8703

  • EPSS 0.24%
  • Veröffentlicht 09.06.2021 19:15:09
  • Zuletzt bearbeitet 21.11.2024 05:39:17

Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local...

6.4

CVE-2020-8704

  • EPSS 0.12%
  • Veröffentlicht 09.06.2021 19:15:09
  • Zuletzt bearbeitet 21.11.2024 05:39:17

Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7

CVE-2020-12357

  • EPSS 0.1%
  • Veröffentlicht 09.06.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 04:59:34

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

4.4

CVE-2020-24507

  • EPSS 0.12%
  • Veröffentlicht 09.06.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 05:14:56

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via l...

5.5

CVE-2020-8698

  • EPSS 0.21%
  • Veröffentlicht 12.11.2020 18:15:16
  • Zuletzt bearbeitet 21.11.2024 05:39:17

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.