CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
5.1%
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
Vendor | Product | Version | CPE |
---|---|---|---|
insyde | insydeh2o | * | cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:* |
netapp | fas\/aff_bios | - | cpe:2.3:o:netapp:fas\/aff_bios:-:*:*:*:*:*:*:* |
siemens | ruggedcom_ape1808 | - | cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:* |
siemens | ruggedcom_ape1808_firmware | - | cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:* |
siemens | simatic_field_pg_m5 | - | cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:* |
siemens | simatic_field_pg_m5_firmware | - | cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-:*:*:*:*:*:*:* |
siemens | simatic_ipc127e | - | cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:* |
siemens | simatic_ipc127e_firmware | - | cpe:2.3:o:siemens:simatic_ipc127e_firmware:-:*:*:*:*:*:*:* |
siemens | simatic_itp1000 | - | cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:* |
siemens | simatic_itp1000_firmware | - | cpe:2.3:o:siemens:simatic_itp1000_firmware:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
5.1%