CVE-2021-33626

HIGH

SMM - Buffer Overflow

Title source: llm

Description

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

References (5)

[Vendor Advisory] https://www.insyde.com/security-pledge

[Vendor Advisory] https://www.insyde.com/security-pledge/SA-2021001

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220216-0006/

[Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/796611

Scores

CVSS v3 7.8

EPSS 0.0008

EPSS Percentile 22.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-829

Status published

Products (17)

insyde/insydeh2o 5.3 - 5.34.44

siemens/ruggedcom_apr1808_firmware

siemens/simatic_field_pg_m5_firmware

siemens/simatic_field_pg_m6_firmware

siemens/simatic_ipc127e_firmware

siemens/simatic_ipc227g_firmware

siemens/simatic_ipc277g_firmware

siemens/simatic_ipc327g_firmware

siemens/simatic_ipc377g_firmware

siemens/simatic_ipc427e_firmware

... and 7 more

Published Oct 01, 2021

Tracked Since Feb 18, 2026