Search
Find a vulnerability
Search criteria
12 vulnerabilities found for Ember ZNet SDK by silabs.com
CVE-2024-10106 (GCVE-0-2024-10106)
Vulnerability from nvd – Published: 2025-01-09 14:56 – Updated: 2026-04-16 19:03
VLAI
EPSS
VEX
Title
Ember ZNet buffer overflow in 'packet handoff' plugin
Summary
A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- cwe-120
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/SiliconLabs/simplicity_sdk/releases | release-notes |
| https://community.silabs.com/069Vm00000I1JawIAF | vendor-advisorypermissions-required |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Affected:
8.0.0 , ≤ 8.0.2
(semver)
Affected: 7.3.0 , ≤ 7.4.4 (semver) Affected: 0 , ≤ 7.2.6 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T15:25:55.951819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T15:26:15.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ember ZNet SDK",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin\u0027s buffer."
}
],
"value": "A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin\u0027s buffer."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-120",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T19:03:01.041Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/SiliconLabs/simplicity_sdk/releases"
},
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/069Vm00000I1JawIAF"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Ember ZNet buffer overflow in \u0027packet handoff\u0027 plugin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-10106",
"datePublished": "2025-01-09T14:56:47.355Z",
"dateReserved": "2024-10-17T18:51:15.899Z",
"dateUpdated": "2026-04-16T19:03:01.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3043 (GCVE-0-2024-3043)
Vulnerability from nvd – Published: 2024-06-27 18:17 – Updated: 2024-08-01 19:32
VLAI
EPSS
VEX
Title
Zigbee co-ordinator realignment packet may lead to denial of service
Summary
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/SiliconLabs/gecko_sdk | product |
| https://community.silabs.com/069Vm000005UCH0IAO | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Affected:
0 , < 8.0.0
(semver)
|
|
| silabs | emberznet_sdk |
Affected:
0 , < 8.0.0
(custom)
cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emberznet_sdk",
"vendor": "silabs",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T19:29:14.605439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T19:32:27.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/069Vm000005UCH0IAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ember ZNet SDK",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated IEEE 802.15.4 \u0027co-ordinator realignment\u0027 packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification."
}
],
"value": "An unauthenticated IEEE 802.15.4 \u0027co-ordinator realignment\u0027 packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification."
}
],
"impacts": [
{
"capecId": "CAPEC-157",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-157 Sniffing Attacks"
}
]
},
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:17:15.392Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"product"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/069Vm000005UCH0IAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zigbee co-ordinator realignment packet may lead to denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-3043",
"datePublished": "2024-06-27T18:17:15.392Z",
"dateReserved": "2024-03-28T14:15:10.718Z",
"dateUpdated": "2024-08-01T19:32:42.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51394 (GCVE-0-2023-51394)
Vulnerability from nvd – Published: 2024-02-23 19:13 – Updated: 2024-08-16 19:31
VLAI
EPSS
VEX
Title
Potential DoS for EFR32xxx parts in high traffic environments due to null buffer dereference / crash
Summary
High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Affected:
0 , < 7.4.0
(7.4.x)
|
|
| silabs | emberznet_sdk |
Affected:
0 , < 7.4.0
(custom)
cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000001NL4u"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emberznet_sdk",
"vendor": "silabs",
"versions": [
{
"lessThan": "7.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T15:58:43.725239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T19:31:32.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Ember ZNet SDK",
"platforms": [
"32 bit",
"ARM"
],
"product": "Ember ZNet SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "7.4.0",
"status": "affected",
"version": "0",
"versionType": "7.4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs\u0027s Ember ZNet SDK before v7.4.0, causing a system crash."
}
],
"value": "High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs\u0027s Ember ZNet SDK before v7.4.0, causing a system crash."
}
],
"impacts": [
{
"capecId": "CAPEC-595",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-595 Connection Reset"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-23T19:13:37.199Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://community.silabs.com/068Vm000001NL4u"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential DoS for EFR32xxx parts in high traffic environments due to null buffer dereference / crash",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-51394",
"datePublished": "2024-02-23T19:13:37.199Z",
"dateReserved": "2023-12-18T20:56:24.812Z",
"dateUpdated": "2024-08-16T19:31:32.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51393 (GCVE-0-2023-51393)
Vulnerability from nvd – Published: 2024-02-23 19:14 – Updated: 2025-04-22 16:15
VLAI
EPSS
VEX
Title
Potential DoS due to BusFault and Assert in Ember ZNet legacy packet buffer
Summary
Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Unaffected:
0 , < 7.4.0.0
(7.4.x)
|
|
| silabs | emberznet_sdk |
Affected:
0 , < 7.4.0.0
(custom)
cpe:2.3:a:silabs:emberznet_sdk:-:*:*:*:*:*:*:* |
Date Public
2024-02-15 17:20
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:silabs:emberznet_sdk:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emberznet_sdk",
"vendor": "silabs",
"versions": [
{
"lessThan": "7.4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T18:23:35.948734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:15:09.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000001NaAM"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "Gecko SDK",
"platforms": [
"ARM",
"32 bit"
],
"product": "Ember ZNet SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "7.4.0.0",
"status": "unaffected",
"version": "0",
"versionType": "7.4.x"
}
]
}
],
"datePublic": "2024-02-15T17:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.\u003c/span\u003e"
}
],
"value": "Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network."
}
],
"impacts": [
{
"capecId": "CAPEC-595",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-595 Connection Reset"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:59:08.691Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://community.silabs.com/068Vm000001NaAM"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential DoS due to BusFault and Assert in Ember ZNet legacy packet buffer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-51393",
"datePublished": "2024-02-23T19:14:23.817Z",
"dateReserved": "2023-12-18T20:56:24.812Z",
"dateUpdated": "2025-04-22T16:15:09.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51392 (GCVE-0-2023-51392)
Vulnerability from nvd – Published: 2024-02-23 16:12 – Updated: 2025-04-22 16:15
VLAI
EPSS
VEX
Title
Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM
Summary
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1240 - Use of a Cryptographic Primitive with a Risky Implementation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Affected:
7.2.0 , < 7.4.0
(7.x)
|
Date Public
2024-02-15 17:32
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51392",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T17:59:54.322798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:15:25.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000001BKm6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Ember ZNet SDK",
"platforms": [
"32 bit",
"ARM"
],
"product": "Ember ZNet SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "7.4.0",
"status": "affected",
"version": "7.2.0",
"versionType": "7.x"
}
]
}
],
"datePublic": "2024-02-15T17:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks."
}
],
"value": "Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks."
}
],
"impacts": [
{
"capecId": "CAPEC-622",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-622 Electromagnetic Side-Channel Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1240",
"description": "CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T15:41:55.288Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://community.silabs.com/068Vm000001BKm6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-51392",
"datePublished": "2024-02-23T16:12:41.261Z",
"dateReserved": "2023-12-18T20:56:24.812Z",
"dateUpdated": "2025-04-22T16:15:25.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41096 (GCVE-0-2023-41096)
Vulnerability from nvd – Published: 2023-10-26 13:10 – Updated: 2024-09-25 16:23
VLAI
EPSS
VEX
Title
Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices
Summary
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)
allows potential modification or extraction of network credentials stored in flash.
This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Unaffected:
7.3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:46:44.290755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:01:22.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"SecureVault High"
],
"platforms": [
"32 bit",
"ARM"
],
"product": "Ember ZNet SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk",
"vendor": "silabs.com",
"versions": [
{
"status": "unaffected",
"version": "7.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)\n allows potential modification or extraction of network credentials stored in flash.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.\u003c/p\u003e"
}
],
"value": "Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)\n allows potential modification or extraction of network credentials stored in flash.\n\n\nThis issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-458",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-458 Flash Memory Attacks"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:23:10.406Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-41096",
"datePublished": "2023-10-26T13:10:34.406Z",
"dateReserved": "2023-08-23T04:17:16.169Z",
"dateUpdated": "2024-09-25T16:23:10.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10106 (GCVE-0-2024-10106)
Vulnerability from cvelistv5 – Published: 2025-01-09 14:56 – Updated: 2026-04-16 19:03
VLAI
EPSS
VEX
Title
Ember ZNet buffer overflow in 'packet handoff' plugin
Summary
A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- cwe-120
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/SiliconLabs/simplicity_sdk/releases | release-notes |
| https://community.silabs.com/069Vm00000I1JawIAF | vendor-advisorypermissions-required |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Affected:
8.0.0 , ≤ 8.0.2
(semver)
Affected: 7.3.0 , ≤ 7.4.4 (semver) Affected: 0 , ≤ 7.2.6 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T15:25:55.951819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T15:26:15.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ember ZNet SDK",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin\u0027s buffer."
}
],
"value": "A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin\u0027s buffer."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-120",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T19:03:01.041Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/SiliconLabs/simplicity_sdk/releases"
},
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/069Vm00000I1JawIAF"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Ember ZNet buffer overflow in \u0027packet handoff\u0027 plugin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-10106",
"datePublished": "2025-01-09T14:56:47.355Z",
"dateReserved": "2024-10-17T18:51:15.899Z",
"dateUpdated": "2026-04-16T19:03:01.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3043 (GCVE-0-2024-3043)
Vulnerability from cvelistv5 – Published: 2024-06-27 18:17 – Updated: 2024-08-01 19:32
VLAI
EPSS
VEX
Title
Zigbee co-ordinator realignment packet may lead to denial of service
Summary
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/SiliconLabs/gecko_sdk | product |
| https://community.silabs.com/069Vm000005UCH0IAO | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Affected:
0 , < 8.0.0
(semver)
|
|
| silabs | emberznet_sdk |
Affected:
0 , < 8.0.0
(custom)
cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emberznet_sdk",
"vendor": "silabs",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T19:29:14.605439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T19:32:27.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/069Vm000005UCH0IAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ember ZNet SDK",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated IEEE 802.15.4 \u0027co-ordinator realignment\u0027 packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification."
}
],
"value": "An unauthenticated IEEE 802.15.4 \u0027co-ordinator realignment\u0027 packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification."
}
],
"impacts": [
{
"capecId": "CAPEC-157",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-157 Sniffing Attacks"
}
]
},
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:17:15.392Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"product"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/069Vm000005UCH0IAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zigbee co-ordinator realignment packet may lead to denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-3043",
"datePublished": "2024-06-27T18:17:15.392Z",
"dateReserved": "2024-03-28T14:15:10.718Z",
"dateUpdated": "2024-08-01T19:32:42.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51393 (GCVE-0-2023-51393)
Vulnerability from cvelistv5 – Published: 2024-02-23 19:14 – Updated: 2025-04-22 16:15
VLAI
EPSS
VEX
Title
Potential DoS due to BusFault and Assert in Ember ZNet legacy packet buffer
Summary
Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Unaffected:
0 , < 7.4.0.0
(7.4.x)
|
|
| silabs | emberznet_sdk |
Affected:
0 , < 7.4.0.0
(custom)
cpe:2.3:a:silabs:emberznet_sdk:-:*:*:*:*:*:*:* |
Date Public
2024-02-15 17:20
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:silabs:emberznet_sdk:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emberznet_sdk",
"vendor": "silabs",
"versions": [
{
"lessThan": "7.4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T18:23:35.948734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:15:09.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000001NaAM"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "Gecko SDK",
"platforms": [
"ARM",
"32 bit"
],
"product": "Ember ZNet SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "7.4.0.0",
"status": "unaffected",
"version": "0",
"versionType": "7.4.x"
}
]
}
],
"datePublic": "2024-02-15T17:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.\u003c/span\u003e"
}
],
"value": "Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network."
}
],
"impacts": [
{
"capecId": "CAPEC-595",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-595 Connection Reset"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:59:08.691Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://community.silabs.com/068Vm000001NaAM"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential DoS due to BusFault and Assert in Ember ZNet legacy packet buffer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-51393",
"datePublished": "2024-02-23T19:14:23.817Z",
"dateReserved": "2023-12-18T20:56:24.812Z",
"dateUpdated": "2025-04-22T16:15:09.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51394 (GCVE-0-2023-51394)
Vulnerability from cvelistv5 – Published: 2024-02-23 19:13 – Updated: 2024-08-16 19:31
VLAI
EPSS
VEX
Title
Potential DoS for EFR32xxx parts in high traffic environments due to null buffer dereference / crash
Summary
High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Affected:
0 , < 7.4.0
(7.4.x)
|
|
| silabs | emberznet_sdk |
Affected:
0 , < 7.4.0
(custom)
cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000001NL4u"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emberznet_sdk",
"vendor": "silabs",
"versions": [
{
"lessThan": "7.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T15:58:43.725239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T19:31:32.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Ember ZNet SDK",
"platforms": [
"32 bit",
"ARM"
],
"product": "Ember ZNet SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "7.4.0",
"status": "affected",
"version": "0",
"versionType": "7.4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs\u0027s Ember ZNet SDK before v7.4.0, causing a system crash."
}
],
"value": "High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs\u0027s Ember ZNet SDK before v7.4.0, causing a system crash."
}
],
"impacts": [
{
"capecId": "CAPEC-595",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-595 Connection Reset"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-23T19:13:37.199Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://community.silabs.com/068Vm000001NL4u"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential DoS for EFR32xxx parts in high traffic environments due to null buffer dereference / crash",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-51394",
"datePublished": "2024-02-23T19:13:37.199Z",
"dateReserved": "2023-12-18T20:56:24.812Z",
"dateUpdated": "2024-08-16T19:31:32.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51392 (GCVE-0-2023-51392)
Vulnerability from cvelistv5 – Published: 2024-02-23 16:12 – Updated: 2025-04-22 16:15
VLAI
EPSS
VEX
Title
Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM
Summary
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1240 - Use of a Cryptographic Primitive with a Risky Implementation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Affected:
7.2.0 , < 7.4.0
(7.x)
|
Date Public
2024-02-15 17:32
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51392",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T17:59:54.322798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:15:25.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000001BKm6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Ember ZNet SDK",
"platforms": [
"32 bit",
"ARM"
],
"product": "Ember ZNet SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "7.4.0",
"status": "affected",
"version": "7.2.0",
"versionType": "7.x"
}
]
}
],
"datePublic": "2024-02-15T17:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks."
}
],
"value": "Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks."
}
],
"impacts": [
{
"capecId": "CAPEC-622",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-622 Electromagnetic Side-Channel Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1240",
"description": "CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T15:41:55.288Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://community.silabs.com/068Vm000001BKm6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-51392",
"datePublished": "2024-02-23T16:12:41.261Z",
"dateReserved": "2023-12-18T20:56:24.812Z",
"dateUpdated": "2025-04-22T16:15:25.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41096 (GCVE-0-2023-41096)
Vulnerability from cvelistv5 – Published: 2023-10-26 13:10 – Updated: 2024-09-25 16:23
VLAI
EPSS
VEX
Title
Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices
Summary
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)
allows potential modification or extraction of network credentials stored in flash.
This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Ember ZNet SDK |
Unaffected:
7.3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:46:44.290755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:01:22.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"SecureVault High"
],
"platforms": [
"32 bit",
"ARM"
],
"product": "Ember ZNet SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk",
"vendor": "silabs.com",
"versions": [
{
"status": "unaffected",
"version": "7.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)\n allows potential modification or extraction of network credentials stored in flash.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.\u003c/p\u003e"
}
],
"value": "Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)\n allows potential modification or extraction of network credentials stored in flash.\n\n\nThis issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-458",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-458 Flash Memory Attacks"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:23:10.406Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-41096",
"datePublished": "2023-10-26T13:10:34.406Z",
"dateReserved": "2023-08-23T04:17:16.169Z",
"dateUpdated": "2024-09-25T16:23:10.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}