Simatic Field Pg M5 Firmware Security Vulnerabilities and Issues — Simatic Field Pg M5 Firmware CVE List

Lucene search

SiemensSimatic Field Pg M5 Firmware

7 matches found

CVE•added 2022/02/03 2:15 a.m.•89 views

CVE-2021-42059

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.

7.2CVSS7.5AI score0.00066EPSS

CVE•added 2022/02/03 1:15 a.m.•83 views

CVE-2020-5953

A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating ...

7.5CVSS7.8AI score0.0021EPSS

CVE•added 2021/10/01 3:15 a.m.•81 views

CVE-2021-33626

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execut...

7.8CVSS8AI score0.00081EPSS

CVE•added 2018/09/12 7:29 p.m.•76 views

CVE-2018-3657

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.

7.2CVSS6.7AI score0.00299EPSS

CVE•added 2021/06/16 4:15 p.m.•76 views

CVE-2020-27339

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and S...

7.2CVSS6.6AI score0.00049EPSS

CVE•added 2022/02/03 2:15 a.m.•74 views

CVE-2021-33625

An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.

7.5CVSS7.6AI score0.00066EPSS

CVE•added 2017/11/21 2:29 p.m.•61 views

CVE-2017-5711

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

7.8CVSS7.4AI score0.00149EPSS