Vulnerability Description
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Insyde | Insydeh2O | 5.12.09.0074 |
| Siemens | Ruggedcom Ape1808 Firmware | - |
| Siemens | Ruggedcom Ape1808 | - |
| Siemens | Simatic Field Pg M6 Firmware | - |
| Siemens | Simatic Field Pg M6 | - |
| Siemens | Simatic Ipc127E Firmware | - |
| Siemens | Simatic Ipc127E | - |
| Siemens | Simatic Ipc227G Firmware | - |
| Siemens | Simatic Ipc227G | - |
| Siemens | Simatic Ipc277G Firmware | - |
| Siemens | Simatic Ipc277G | - |
| Siemens | Simatic Itp1000 Firmware | - |
| Siemens | Simatic Itp1000 | - |
| Siemens | Simatic Ipc477E Pro Firmware | - |
| Siemens | Simatic Ipc477E Pro | - |
| Siemens | Simatic Ipc627E Firmware | - |
| Siemens | Simatic Ipc627E | - |
| Siemens | Simatic Ipc647E Firmware | - |
| Siemens | Simatic Ipc647E | - |
| Siemens | Simatic Ipc677E Firmware | - |
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfThird Party Advisory
- https://security.netapp.com/advisory/ntap-20220222-0005/Third Party Advisory
- https://www.insyde.com/productsProductVendor Advisory
- https://www.insyde.com/security-pledgeVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfThird Party Advisory
- https://security.netapp.com/advisory/ntap-20220222-0005/Third Party Advisory
- https://www.insyde.com/productsProductVendor Advisory
- https://www.insyde.com/security-pledgeVendor Advisory
- https://www.kb.cert.org/vuls/id/796611
FAQ
What is CVE-2020-5953?
CVE-2020-5953 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariabl...
How severe is CVE-2020-5953?
CVE-2020-5953 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5953?
Check the references section above for vendor advisories and patch information. Affected products include: Insyde Insydeh2O, Siemens Ruggedcom Ape1808 Firmware, Siemens Ruggedcom Ape1808, Siemens Simatic Field Pg M6 Firmware, Siemens Simatic Field Pg M6.