CVE-2023-51392 - Vulnerability Details - OpenCVE

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Silabs	Emberznet

Configuration 1 [-]

cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.silabs.com/068Vm000001BKm6

History

Wed, 12 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Silabs Silabs emberznet
Weaknesses		CWE-327
CPEs		cpe:2.3:a:silabs:emberznet::::::::
Vendors & Products		Silabs Silabs emberznet

Fri, 27 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-327
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Sep 2024 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1240

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2024-02-23T16:12:41.261Z

Updated: 2024-09-27T15:41:55.288Z

Reserved: 2023-12-18T20:56:24.812Z

Link: CVE-2023-51392

Vulnrichment

Updated: 2024-08-02T22:32:09.157Z

NVD

Status : Analyzed

Published: 2024-02-23T17:15:07.840

Modified: 2025-02-12T18:49:30.867

Link: CVE-2023-51392

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-51392", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2023-12-18T20:56:24.812Z", "datePublished": "2024-02-23T16:12:41.261Z", "dateUpdated": "2024-09-27T15:41:55.288Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Ember ZNet SDK", "platforms": ["32 bit", "ARM"], "product": "Ember ZNet SDK", "repo": "https://github.com/SiliconLabs/gecko_sdk/releases", "vendor": "silabs.com", "versions": [{"lessThan": "7.4.0", "status": "affected", "version": "7.2.0", "versionType": "7.x"}]}], "datePublic": "2024-02-15T17:32:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks."}], "value": "Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks."}], "impacts": [{"capecId": "CAPEC-622", "descriptions": [{"lang": "en", "value": "CAPEC-622 Electromagnetic Side-Channel Attack"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1240", "description": "CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-27T15:41:55.288Z"}, "references": [{"url": "https://community.silabs.com/068Vm000001BKm6"}], "source": {"discovery": "UNKNOWN"}, "title": "Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-25T17:59:54.322798Z", "id": "CVE-2023-51392", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T18:00:05.580Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:09.157Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.silabs.com/068Vm000001BKm6", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.silabs.com/068Vm000001BKm6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:09.157Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-51392", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-25T17:59:54.322798Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T17:59:59.629Z"}}], "cna": {"title": "Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-622", "descriptions": [{"lang": "en", "value": "CAPEC-622 Electromagnetic Side-Channel Attack"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/SiliconLabs/gecko_sdk/releases", "vendor": "silabs.com", "product": "Ember ZNet SDK", "versions": [{"status": "affected", "version": "7.2.0", "lessThan": "7.4.0", "versionType": "7.x"}], "platforms": ["32 bit", "ARM"], "packageName": "Ember ZNet SDK", "defaultStatus": "unaffected"}], "datePublic": "2024-02-15T17:32:00.000Z", "references": [{"url": "https://community.silabs.com/068Vm000001BKm6"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.", "supportingMedia": [{"type": "text/html", "value": "Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1240", "description": "CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-27T15:41:55.288Z"}}}, "cveMetadata": {"cveId": "CVE-2023-51392", "state": "PUBLISHED", "dateUpdated": "2024-09-27T15:41:55.288Z", "dateReserved": "2023-12-18T20:56:24.812Z", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "datePublished": "2024-02-23T16:12:41.261Z", "assignerShortName": "Silabs"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*", "matchCriteriaId": "E456A82A-F19A-4C1C-B775-8D3D61447EE6", "versionEndIncluding": "7.2.4", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks."}, {"lang": "es", "value": "Ember ZNet entre v7.2.0 y v7.4.0 utiliz\u00f3 software AES-CCM en lugar de aceleradores criptogr\u00e1ficos de hardware integrados, lo que potencialmente aumenta el riesgo de ataques de canal lateral de an\u00e1lisis de potencia diferencial y electromagn\u00e9tico."}], "id": "CVE-2023-51392", "lastModified": "2025-02-12T18:49:30.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "product-security@silabs.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-23T17:15:07.840", "references": [{"source": "product-security@silabs.com", "tags": ["Permissions Required"], "url": "https://community.silabs.com/068Vm000001BKm6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://community.silabs.com/068Vm000001BKm6"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1240"}], "source": "product-security@silabs.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}