UEFI firmware vulnerabilities
Canon Medical Systems Security Advisory
Overview:
It was announced that there are security vulnerabilities that affect UEFI firmware from InsydeH2O, REF: UEFI Firmware Vulnerabilities , used by multiple computer vendors. UEFI (Unified Extensible Firmware Interface) software is an interface between a device’s firmware and the operating system, which handles the booting process, system diagnostics, and repair functions. 23 vulnerabilities were found in the InsydeH2O UEFI firmware, most of them in the software's System Management Mode (SMM) that provides system-wide functions such as power management and hardware control.
Vulnerability Overview:
| Vulnerabilities | CVD ID | CVSS |
| SMM Callout (Privilege Escalation) | CVE-2020-27339 | 8.2 |
| CVE-2020-5953 | 7.5 | |
| CVE-2021-41839 | 8.2 | |
| CVE-2021-41840 | 7.5 | |
| CVE-2021-41841 | 8.2 | |
| CVE-2021-42060 | 7.5 | |
| CVE-2021-42113 | 8.2 | |
| CVE-2021-43522 | 7.5 | |
| CVE-2021-43615 | 8.2 | |
| CVE-2022-24069 | 8.2 | |
| SMM Memory Corruption | CVE-2021-33625 | 7.5 |
| CVE-2021-33626 | 8.2 | |
| CVE-2021-33627 | 8.2 | |
| CVE-2021-41837 | 8.2 | |
| CVE-2021-41838 | 8.2 | |
| CVE-2021-42554 | 7.5 | |
| CVE-2021-43323 | 8.2 | |
| CVE-2021-45969 | 8.2 | |
| CVE-2021-45970 | 8.2 | |
| CVE-2021-45971 | 8.2 | |
| CVE-2022-24030 | 7.5 | |
| CVE-2022-24031 | 7.5 | |
| DXE Memory Corruption | CVE-2021-42059 | 8.2 |
Possible Affected Canon Medical Systems Products:
The following Canon Medical Systems Corporation products are not using InsydeH2O UEFI firmware.
- XR Medical Imaging Products
- VL Medical Imaging Products
- MR Medical Imaging Products
- CT Medical Imaging Products
- UL Medical Imaging Products
- NM Medical Imaging Products
Notes:
Researcher who found these vulnerabilities evaluates "Attack Vector" of all 23 vulnerabilities are "Local" and "Privileges Required" of all 23 vulnerabilities are "High". The attacker needs to access the target system locally in order to exploit the vulnerabilities, and requires privileges that provide significant (e.g., administrative) control. The risk of possible impacted Canon Medical Systems Corporation imaging devices, which are located in a secure location such as examination room, is considered as low.
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems global webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
