Ember ZNet Vulnerability: Risk of Sidechannel Attacks
CVE-2023-51392

6.2MEDIUM

Key Information:

Vendor: Silabs.com
Status: Ember Znet Sdk
Vendor: CVE Published:; 23 February 2024

What is CVE-2023-51392?

The Ember ZNet software, versions 7.2.0 to 7.4.0, utilizes software-based AES-CCM for encryption instead of leveraging built-in hardware cryptographic accelerators. This design choice may expose the system to potential attacks through differential power analysis and electromagnetic analysis, putting the integrity and confidentiality of sensitive data at risk. Users of these versions should consider updating to mitigate the potential attack pathways.

Affected Version(s)

Ember ZNet SDK 32 bit 7.2.0 < 7.4.0

References

https://community.silabs.com/068Vm000001BKm6

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 23, 2024
Vulnerability Reserved
Dec 18, 2023

Silabs.com

What is CVE-2023-51392?

Affected Version(s)

References

CVSS V3.1

Timeline