Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-33907 (GCVE-0-2022-33907)
Vulnerability from cvelistv5 – Published: 2022-11-14 00:00 – Updated: 2025-04-30 18:52
VLAI
EPSS
Summary
DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022049"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-33907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T18:50:57.748008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T18:52:04.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022049"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33907",
"datePublished": "2022-11-14T00:00:00.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2025-04-30T18:52:04.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-33907",
"date": "2026-06-04",
"epss": "0.00051",
"percentile": "0.1642"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-33907\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-11-14T23:15:10.053\",\"lastModified\":\"2025-04-30T19:15:49.757\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049\"},{\"lang\":\"es\",\"value\":\"Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador IdeBusDxe podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU... Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador IdeBusDxe podr\u00edan causar corrupci\u00f3n SMRAM a trav\u00e9s de un ataque TOCTOU. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Corregido en kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndExcluding\":\"5.2.05.27.25\",\"matchCriteriaId\":\"D27D786B-7905-4963-8919-C06B53FF1BE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3\",\"versionEndExcluding\":\"5.3.05.36.25\",\"matchCriteriaId\":\"D80AAA27-6BBB-4476-9A8B-75C838DD3CB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4\",\"versionEndExcluding\":\"5.4.05.44.25\",\"matchCriteriaId\":\"6F161D09-7811-4B26-914E-C082D86044A4\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.insyde.com/security-pledge\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.insyde.com/security-pledge/SA-2022049\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.insyde.com/security-pledge\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.insyde.com/security-pledge/SA-2022049\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.insyde.com/security-pledge\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.insyde.com/security-pledge/SA-2022049\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T08:09:22.674Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-33907\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-30T18:50:57.748008Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-367\", \"description\": \"CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-30T18:51:12.196Z\"}}], \"cna\": {\"source\": {\"discovery\": \"INTERNAL\"}, \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.insyde.com/security-pledge\"}, {\"url\": \"https://www.insyde.com/security-pledge/SA-2022049\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-02-14T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-33907\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-30T18:52:04.921Z\", \"dateReserved\": \"2022-06-17T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-11-14T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0121
Vulnerability from certfr_avis - Published: 2023-02-14 - Updated: 2023-02-14
De multiples vulnérabilités ont été corrigées dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | JT Utilities versions antérieures à V13.2.3.0 | ||
| Siemens | N/A | Parasolid V35.0 versions antérieures à V35.0.170 | ||
| Siemens | N/A | TIA Project-Server versions antérieures à V1.1 | ||
| Siemens | N/A | COMOS V10.3.3.4 versions antérieures à V10.3.3.4.6 | ||
| Siemens | N/A | SCALANCE X204IRT (6GK5204-0BA00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | Parasolid V34.1 versions antérieures à V34.1.242 | ||
| Siemens | N/A | TIA Multiuser Server V16 toutes les versions | ||
| Siemens | N/A | COMOS V10.2 toutes les versions | ||
| Siemens | N/A | Simcenter Femap versions antérieures à V2023.1 | ||
| Siemens | N/A | Applications utilisant Mendix versions 9 (V9.12) antérieures à V9.12.10 | ||
| Siemens | N/A | Parasolid V35.1 versions antérieures à V35.1.150 | ||
| Siemens | N/A | COMOS V10.3.3.3 versions antérieures à V10.3.3.3.9 | ||
| Siemens | N/A | SCALANCE XF204IRT (6GK5204-0BA00-2BF2) versions antérieures à V5.5.0 | ||
| Siemens | N/A | Brownfield Connectivity - Client versions antérieures à V2.15 | ||
| Siemens | N/A | COMOS V10.4.2.0 versions antérieures à V10.4.2.0.25 | ||
| Siemens | N/A | TIA Multiuser Server V14 toutes les versions | ||
| Siemens | N/A | COMOS V10.3.3.1 versions antérieures à V10.3.3.1.45 | ||
| Siemens | N/A | Parasolid V34.0 versions antérieures à V34.0.254 | ||
| Siemens | N/A | SiPass integrated AC5102 (ACC-G2) versions antérieures à V2.85.44 | ||
| Siemens | N/A | Solid Edge SE2023 versions antérieures à V2023Update2 | ||
| Siemens | N/A | SiPass integrated ACC-AP versions antérieures à V2.85.43 | ||
| Siemens | N/A | SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) versions antérieures à V5.5.0 | ||
| Siemens | N/A | COMOS V10.4.0.0 versions antérieures à V10.4.0.0.31 | ||
| Siemens | N/A | Applications utilisant Mendix versions 7 antérieures à V7.23.34 | ||
| Siemens | N/A | Applications utilisant Mendix versions 9 (V9.18) antérieures à V9.18.4 | ||
| Siemens | N/A | SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) versions antérieures à V5.5.0 | ||
| Siemens | N/A | SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) versions antérieures à V5.5.0 | ||
| Siemens | N/A | SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) versions antérieures à V5.5.0 | ||
| Siemens | N/A | TIA Multiuser Server V15 versions antérieures à V15.1 Update 8 | ||
| Siemens | N/A | SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) versions antérieures à V5.5.0 | ||
| Siemens | N/A | SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | Applications utilisant Mendix versions 8 antérieures à V8.18.23 | ||
| Siemens | N/A | Famille de produits SIMATIC Field PG, SIMATIC IPC et SIMATIC ITP toutes les versions | ||
| Siemens | N/A | SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | Brownfield Connectivity - Gateway versions antérieures à V1.11 | ||
| Siemens | N/A | SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | TIA Multiuser Server V17 toutes les versions | ||
| Siemens | N/A | Famille de produits RUGGEDCOM APE1808 toutes les versions | ||
| Siemens | N/A | SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | Applications utilisant Mendix versions 9 (V9.6) antérieures à V9.6.15 | ||
| Siemens | N/A | COMOS V10.4.1.0 versions antérieures à V10.4.1.0.32 | ||
| Siemens | N/A | SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2) versions antérieures à V5.5.0 | ||
| Siemens | N/A | COMOS V10.3.3.2 versions antérieures à V10.3.3.2.33 | ||
| Siemens | N/A | Tecnomatix Plant Simulation versions antérieures à V2201.0006 | ||
| Siemens | N/A | JT Open versions antérieures à V11.2.3.0 | ||
| Siemens | N/A | Applications utilisant Mendix versions 9 antérieures à V9.22.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.170",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Project-Server versions ant\u00e9rieures \u00e0 V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.4 versions ant\u00e9rieures \u00e0 V10.3.3.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT (6GK5204-0BA00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V34.1 versions ant\u00e9rieures \u00e0 V34.1.242",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V16 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.2 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 (V9.12) ant\u00e9rieures \u00e0 V9.12.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.150",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.3 versions ant\u00e9rieures \u00e0 V10.3.3.3.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Brownfield Connectivity - Client versions ant\u00e9rieures \u00e0 V2.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.4.2.0 versions ant\u00e9rieures \u00e0 V10.4.2.0.25",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V14 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.1 versions ant\u00e9rieures \u00e0 V10.3.3.1.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V34.0 versions ant\u00e9rieures \u00e0 V34.0.254",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiPass integrated AC5102 (ACC-G2) versions ant\u00e9rieures \u00e0 V2.85.44",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2023 versions ant\u00e9rieures \u00e0 V2023Update2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiPass integrated ACC-AP versions ant\u00e9rieures \u00e0 V2.85.43",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.4.0.0 versions ant\u00e9rieures \u00e0 V10.4.0.0.31",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 7 ant\u00e9rieures \u00e0 V7.23.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 (V9.18) ant\u00e9rieures \u00e0 V9.18.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V15 versions ant\u00e9rieures \u00e0 V15.1 Update 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 8 ant\u00e9rieures \u00e0 V8.18.23",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Famille de produits SIMATIC Field PG, SIMATIC IPC et SIMATIC ITP toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Brownfield Connectivity - Gateway versions ant\u00e9rieures \u00e0 V1.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V17 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Famille de produits RUGGEDCOM APE1808 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 (V9.6) ant\u00e9rieures \u00e0 V9.6.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.4.1.0 versions ant\u00e9rieures \u00e0 V10.4.1.0.32",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.2 versions ant\u00e9rieures \u00e0 V10.3.3.2.33",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation versions ant\u00e9rieures \u00e0 V2201.0006",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V11.2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 ant\u00e9rieures \u00e0 V9.22.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24556",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24556"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-24990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24990"
},
{
"name": "CVE-2022-39157",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39157"
},
{
"name": "CVE-2022-46345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
},
{
"name": "CVE-2023-22669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22669"
},
{
"name": "CVE-2023-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24549"
},
{
"name": "CVE-2023-24560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24560"
},
{
"name": "CVE-2022-31808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31808"
},
{
"name": "CVE-2022-46347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
},
{
"name": "CVE-2022-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27536"
},
{
"name": "CVE-2022-46349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2023-24552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24552"
},
{
"name": "CVE-2021-43391",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43391"
},
{
"name": "CVE-2023-24980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24980"
},
{
"name": "CVE-2021-32936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32936"
},
{
"name": "CVE-2022-33984",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33984"
},
{
"name": "CVE-2023-24551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24551"
},
{
"name": "CVE-2022-46346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
},
{
"name": "CVE-2023-24992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24992"
},
{
"name": "CVE-2022-21198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21198"
},
{
"name": "CVE-2007-5846",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
},
{
"name": "CVE-2022-33906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33906"
},
{
"name": "CVE-2023-24562",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24562"
},
{
"name": "CVE-2023-24482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24482"
},
{
"name": "CVE-2023-24994",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24994"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2022-43397",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43397"
},
{
"name": "CVE-2023-24561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24561"
},
{
"name": "CVE-2023-24995",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24995"
},
{
"name": "CVE-2022-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30774"
},
{
"name": "CVE-2023-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24553"
},
{
"name": "CVE-2023-24984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24984"
},
{
"name": "CVE-2021-32938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32938"
},
{
"name": "CVE-2023-24993",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24993"
},
{
"name": "CVE-2023-24558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24558"
},
{
"name": "CVE-2022-46348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
},
{
"name": "CVE-2023-22295",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22295"
},
{
"name": "CVE-2021-32948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32948"
},
{
"name": "CVE-2022-33982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33982"
},
{
"name": "CVE-2023-22846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22846"
},
{
"name": "CVE-2023-24983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24983"
},
{
"name": "CVE-2022-47936",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47936"
},
{
"name": "CVE-2022-47977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47977"
},
{
"name": "CVE-2023-24550",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24550"
},
{
"name": "CVE-2023-24565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24565"
},
{
"name": "CVE-2023-25140",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25140"
},
{
"name": "CVE-2023-24988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24988"
},
{
"name": "CVE-2022-35868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35868"
},
{
"name": "CVE-2023-24554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24554"
},
{
"name": "CVE-2022-33907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33907"
},
{
"name": "CVE-2021-43336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43336"
},
{
"name": "CVE-2023-24581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24581"
},
{
"name": "CVE-2023-22321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22321"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2023-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24557"
},
{
"name": "CVE-2023-24566",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24566"
},
{
"name": "CVE-2023-24978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24978"
},
{
"name": "CVE-2023-24555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24555"
},
{
"name": "CVE-2023-24979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24979"
},
{
"name": "CVE-2023-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22354"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2023-24987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24987"
},
{
"name": "CVE-2023-24986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24986"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2023-23579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23579"
},
{
"name": "CVE-2023-24564",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24564"
},
{
"name": "CVE-2023-24982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24982"
},
{
"name": "CVE-2023-24996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24996"
},
{
"name": "CVE-2022-31243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31243"
},
{
"name": "CVE-2023-24563",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24563"
},
{
"name": "CVE-2023-24985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24985"
},
{
"name": "CVE-2023-24991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24991"
},
{
"name": "CVE-2023-24981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24981"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-33908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33908"
},
{
"name": "CVE-2023-23835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23835"
},
{
"name": "CVE-2023-24559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24559"
},
{
"name": "CVE-2023-24989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24989"
},
{
"name": "CVE-2023-22670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22670"
}
],
"initial_release_date": "2023-02-14T00:00:00",
"last_revision_date": "2023-02-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-617755.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686975.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-565356.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf"
}
],
"reference": "CERTFR-2023-AVI-0121",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-847261 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-693110 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-953464 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-744259 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-617755 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-658793 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-450613 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-491245 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-686975 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-836777 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-565356 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-252808 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-640968 du 14 f\u00e9vrier 2023",
"url": null
}
]
}
FKIE_CVE-2022-33907
Vulnerability from fkie_nvd - Published: 2022-11-14 23:15 - Updated: 2025-04-30 19:15
Severity
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf | ||
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022049 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022049 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D786B-7905-4963-8919-C06B53FF1BE7",
"versionEndExcluding": "5.2.05.27.25",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80AAA27-6BBB-4476-9A8B-75C838DD3CB3",
"versionEndExcluding": "5.3.05.36.25",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F161D09-7811-4B26-914E-C082D86044A4",
"versionEndExcluding": "5.4.05.44.25",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049"
},
{
"lang": "es",
"value": "Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador IdeBusDxe podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU... Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador IdeBusDxe podr\u00edan causar corrupci\u00f3n SMRAM a trav\u00e9s de un ataque TOCTOU. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Corregido en kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049"
}
],
"id": "CVE-2022-33907",
"lastModified": "2025-04-30T19:15:49.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-14T23:15:10.053",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022049"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-FH27-97R5-49GQ
Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2022-11-18 18:30
VLAI
Details
DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049
Severity
6.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2022-33907"
],
"database_specific": {
"cwe_ids": [
"CWE-367"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-14T23:15:00Z",
"severity": "MODERATE"
},
"details": "DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049",
"id": "GHSA-fh27-97r5-49gq",
"modified": "2022-11-18T18:30:25Z",
"published": "2022-11-15T12:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33907"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge/SA-2022049"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-33907
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-33907",
"description": "DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049",
"id": "GSD-2022-33907"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-33907"
],
"details": "DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049",
"id": "GSD-2022-33907",
"modified": "2023-12-13T01:19:23.116822Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-33907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.insyde.com/security-pledge",
"refsource": "MISC",
"url": "https://www.insyde.com/security-pledge"
},
{
"name": "https://www.insyde.com/security-pledge/SA-2022049",
"refsource": "MISC",
"url": "https://www.insyde.com/security-pledge/SA-2022049"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
]
},
"source": {
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.3.05.36.25",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.05.27.25",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.05.44.25",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-33907"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.insyde.com/security-pledge",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"name": "https://www.insyde.com/security-pledge/SA-2022049",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022049"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-14T12:15Z",
"publishedDate": "2022-11-14T23:15Z"
}
}
}
WID-SEC-W-2023-0706
Vulnerability from csaf_certbund - Published: 2023-03-21 23:00 - Updated: 2023-03-21 23:00Summary
Insyde UEFI Firmware: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: InsydeH2O UEFI BIOS ist eine proprietäre, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterstützt.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in der Insyde UEFI Firmware ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme: - BIOS/Firmware
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Insyde UEFI Firmware
Insyde
|
cpe:/h:insyde:uefi:-
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "InsydeH2O UEFI BIOS ist eine propriet\u00e4re, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterst\u00fctzt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in der Insyde UEFI Firmware ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0706 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0706.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0706 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0706"
},
{
"category": "external",
"summary": "HP Customer Support - Knowledge Base vom 2023-03-21",
"url": "https://support.hp.com/us-en/document/ish_7838102-7838162-16/HPSBHF03836"
}
],
"source_lang": "en-US",
"title": "Insyde UEFI Firmware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-03-21T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:47:03.228+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0706",
"initial_release_date": "2023-03-21T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-03-21T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HP Computer",
"product": {
"name": "HP Computer",
"product_id": "T023191",
"product_identification_helper": {
"cpe": "cpe:/h:hp:computer:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"category": "product_name",
"name": "Insyde UEFI Firmware",
"product": {
"name": "Insyde UEFI Firmware",
"product_id": "T026843",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:-"
}
}
}
],
"category": "vendor",
"name": "Insyde"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-34325",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-34325"
},
{
"cve": "CVE-2022-33986",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-33986"
},
{
"cve": "CVE-2022-33985",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-33985"
},
{
"cve": "CVE-2022-33984",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-33984"
},
{
"cve": "CVE-2022-33983",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-33983"
},
{
"cve": "CVE-2022-33982",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-33982"
},
{
"cve": "CVE-2022-33909",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-33909"
},
{
"cve": "CVE-2022-33908",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-33908"
},
{
"cve": "CVE-2022-33907",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-33907"
},
{
"cve": "CVE-2022-33906",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-33906"
},
{
"cve": "CVE-2022-33905",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-33905"
},
{
"cve": "CVE-2022-32267",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-32267"
},
{
"cve": "CVE-2022-32266",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-32266"
},
{
"cve": "CVE-2022-31243",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-31243"
},
{
"cve": "CVE-2022-30774",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-30774"
},
{
"cve": "CVE-2022-30773",
"notes": [
{
"category": "description",
"text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T023191",
"T026843"
]
},
"release_date": "2023-03-21T23:00:00.000+00:00",
"title": "CVE-2022-30773"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…