CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51393 – Potential DoS due to BusFault and Assert in Ember ZNet legacy packet buffer
https://notcve.org/view.php?id=CVE-2023-51393
23 Feb 2024 — Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. Debido a una asignación de recursos sin límites, existe una vulnerabilidad de consumo de recursos incontrolado en Silicon Labs Ember ZNet SDK anterior a v7.4.0.0 (entregado com... • https://community.silabs.com/068Vm000001NaAM • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41096 – Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices
https://notcve.org/view.php?id=CVE-2023-41096
26 Oct 2023 — Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. Vulnerabilidad de Falta de Cifrado de Claves de Seguridad en Silicon Labs Ember ZNet SDK de 32 bits, ARM (módulos SecureVault High) permite una posible modificación o extracción de las credenciales de red almacenadas en la memoria flash. ... • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 • CWE-311: Missing Encryption of Sensitive Data CWE-312: Cleartext Storage of Sensitive Information •