CVE-2024-3052 – Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-3052
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. • https://community.silabs.com/068Vm0000045w2j • CWE-248: Uncaught Exception • CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2024-3051 – Z/IP Gateway Device Reset Locally Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-3051
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. • https://community.silabs.com/068Vm0000045w2j • CWE-248: Uncaught Exception • CWE-345: Insufficient Verification of Data Authenticity • CWE-419: Unprotected Primary Channel • CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2023-51394 – Potential DoS for EFR32xxx parts in high traffic environments due to null buffer dereference / crash
https://notcve.org/view.php?id=CVE-2023-51394
High-traffic environments may trigger a NULL pointer dereference in Silicon Labs' Ember ZNet SDK before v7.4.0, causing a system crash. • https://community.silabs.com/068Vm000001NL4u • CWE-476: NULL Pointer Dereference
CVE-2023-51392 – Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM
https://notcve.org/view.php?id=CVE-2023-51392
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing the risk of electromagnetic and differential power analysis side-channel attacks. • https://community.silabs.com/068Vm000001BKm6 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation
CVE-2023-6640 – Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6640
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. • https://community.silabs.com/068Vm000001HdNm • CWE-248: Uncaught Exception • CWE-754: Improper Check for Unusual or Exceptional Conditions