FKIE_CVE-2024-2502

Vulnerability from fkie_nvd - Published: 2024-08-29 22:15 - Updated: 2024-08-30 13:00
Severity ?
2.0 (Low) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected. This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later.
References
product-security@silabs.comhttps://community.silabs.com/sfc/servlet.shepherd/document/download/069Vm00000BYb5HIAT?operationContext=S1
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.\n\nThis is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later."
    },
    {
      "lang": "es",
      "value": "Se puede configurar una aplicaci\u00f3n para bloquear los intentos de arranque despu\u00e9s de detectar reinicios de manipulaci\u00f3n consecutivos, lo que puede no ocurrir como se espera. Esto es posible porque el registro TAMPERRSTCAUSE puede no actualizarse correctamente cuando se produce un evento de manipulaci\u00f3n de nivel 4 (un reinicio de manipulaci\u00f3n). Esto afecta a los dispositivos HSE-SVH de la serie 2, incluidos xG23B, xG24B, xG25B y xG28B, pero no afecta a xG21B. Para mitigar este problema, actualice a la versi\u00f3n 2.2.6 del firmware SE o posterior."
    }
  ],
  "id": "CVE-2024-2502",
  "lastModified": "2024-08-30T13:00:05.390",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.0,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 1.4,
        "source": "product-security@silabs.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-29T22:15:05.153",
  "references": [
    {
      "source": "product-security@silabs.com",
      "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/069Vm00000BYb5HIAT?operationContext=S1"
    }
  ],
  "sourceIdentifier": "product-security@silabs.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "product-security@silabs.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.