CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6657 – BLE peripheral DoS after few cycles of connect/disconnects
https://notcve.org/view.php?id=CVE-2024-6657
11 Oct 2024 — A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000E9IIbIAN?operationContext=S1 • CWE-821: Incorrect Synchronization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2502 – Failure to update the tamper reset cause register when a tamper event occurs
https://notcve.org/view.php?id=CVE-2024-2502
29 Aug 2024 — An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected. This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later. • https://community.silabs.com/sfc/servlet.shepherd/document/download/069Vm00000BYb5HIAT?operationContext=S1 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3017 – Denial of service in multi-protocol gateway - Zigbee + Thread
https://notcve.org/view.php?id=CVE-2024-3017
27 Jun 2024 — In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service. • https://community.silabs.com/069Vm000007UEhZIAW • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3043 – Zigbee co-ordinator realignment packet may lead to denial of service
https://notcve.org/view.php?id=CVE-2024-3043
27 Jun 2024 — An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification. • https://community.silabs.com/069Vm000005UCH0IAO • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23937 – Silicon Labs Gecko OS Debug Interface Format String
https://notcve.org/view.php?id=CVE-2024-23937
21 Jun 2024 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. • https://community.silabs.com/a45Vm0000000Atp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4013 – Failure to update BT Mesh Replay Protection List
https://notcve.org/view.php?id=CVE-2024-4013
06 Jun 2024 — A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#. Existe un error en la API, mesh_node_power_off(), que no puede copiar el contenido de la Lista de protección de reproducción (RPL) de ... • https://community.silabs.com/068Vm000006rR53 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3052 – Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-3052
26 Apr 2024 — Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. Se pueden enviar clases de comando S2 Nonce Get con formato incorrecto para bloquear la puerta de enlace. Se requiere un reinicio completo para recuperar la puerta de enlace. • https://community.silabs.com/068Vm0000045w2j • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3051 – Z/IP Gateway Device Reset Locally Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-3051
26 Apr 2024 — Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. Restablecimiento de dispositivo con formato incorrecto Se pueden enviar clases de comando localmente para denegar temporalmente el servicio a un dispositivo final. La puerta de enlace no reconocerá ninguna trama enviada por el dispositivo final durante este tiempo. • https://community.silabs.com/068Vm0000045w2j • CWE-248: Uncaught Exception CWE-345: Insufficient Verification of Data Authenticity CWE-419: Unprotected Primary Channel CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51391 – Micrium OS Network uC-HTTP server header parsing invalid pointer dereference vulnerability
https://notcve.org/view.php?id=CVE-2023-51391
16 Apr 2024 — A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service. Un error en Micrium OS Network HTTP Server permite una desreferencia de puntero no válida durante el procesamiento del encabezado, lo que podría provocar una falla del dispositivo y una denegación de servicio. • https://community.silabs.com/068Vm000004688g • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51395 – Z-Wave S0 Decryption Vulnerability in End Devices
https://notcve.org/view.php?id=CVE-2023-51395
07 Mar 2024 — The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. La vulnerabilidad descrita por CVE-2023-0972 también se descubrió en los dispositivos finales Z-Wave de Silicon Labs. Esta vulnerabilidad puede permitir que un atacante no autenticado dentro del alcance de Z-Wave desbordamiento de búfer en la región stack ... • https://community.silabs.com/068Vm0000029Xq5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •