Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for OpenThread SDK by silabs.com

    CVE-2023-41095 (GCVE-0-2023-41095)

    Vulnerability from nvd – Published: 2023-10-26 13:10 – Updated: 2024-09-25 16:20
    VLAI
    Title
    Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices
    Summary
    Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:46:11.821Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41095",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T17:55:48.975914Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:01:51.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "modules": [
                "SecureVault High"
              ],
              "platforms": [
                "32 bit",
                "ARM"
              ],
              "product": "OpenThread SDK",
              "repo": "https://github.com/SiliconLabs/gecko_sdk",
              "vendor": "silabs.com",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "2.3.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.\u003cbr\u003e\u003cp\u003eThis issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.\nThis issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-458",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-458 Flash Memory Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-25T16:20:12.263Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2023-41095",
        "datePublished": "2023-10-26T13:10:11.193Z",
        "dateReserved": "2023-08-23T04:17:16.169Z",
        "dateUpdated": "2024-09-25T16:20:12.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41095 (GCVE-0-2023-41095)

    Vulnerability from cvelistv5 – Published: 2023-10-26 13:10 – Updated: 2024-09-25 16:20
    VLAI
    Title
    Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices
    Summary
    Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:46:11.821Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41095",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T17:55:48.975914Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:01:51.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "modules": [
                "SecureVault High"
              ],
              "platforms": [
                "32 bit",
                "ARM"
              ],
              "product": "OpenThread SDK",
              "repo": "https://github.com/SiliconLabs/gecko_sdk",
              "vendor": "silabs.com",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "2.3.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.\u003cbr\u003e\u003cp\u003eThis issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.\nThis issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-458",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-458 Flash Memory Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-25T16:20:12.263Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2023-41095",
        "datePublished": "2023-10-26T13:10:11.193Z",
        "dateReserved": "2023-08-23T04:17:16.169Z",
        "dateUpdated": "2024-09-25T16:20:12.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }