CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Aug 2024 — An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected. This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later. • https://community.silabs.com/sfc/servlet.shepherd/document/download/069Vm00000BYb5HIAT?operationContext=S1 • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

27 Jun 2024 — In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router (OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service. • https://community.silabs.com/069Vm000007UEhZIAW • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

27 Jun 2024 — An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (PAN ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification. • https://community.silabs.com/069Vm000005UCH0IAO • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVSS: 5.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 Jun 2024 — A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#. • https://community.silabs.com/068Vm000006rR53 • CWE-404: Improper Resource Shutdown or Release

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Apr 2024 — Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. • https://community.silabs.com/068Vm0000045w2j • CWE-248: Uncaught Exception • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Apr 2024 — Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. • https://community.silabs.com/068Vm0000045w2j • CWE-248: Uncaught Exception • CWE-345: Insufficient Verification of Data Authenticity • CWE-419: Unprotected Primary Channel • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Feb 2024 — High-traffic environments may result in a NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash. • https://community.silabs.com/068Vm000001NL4u • CWE-476: NULL Pointer Dereference

CVSS: 6.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Feb 2024 — Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis side-channel attacks. • https://community.silabs.com/068Vm000001BKm6 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Feb 2024 — Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. • https://community.silabs.com/068Vm000001HdNm • CWE-248: Uncaught Exception • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Feb 2024 — Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0 and earlier. • https://community.silabs.com/068Vm000001HdNm • CWE-248: Uncaught Exception • CWE-345: Insufficient Verification of Data Authenticity • CWE-419: Unprotected Primary Channel • CWE-754: Improper Check for Unusual or Exceptional Conditions