CVE-2023-41096

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:20

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 6.8
References () https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 - Permissions Required () https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 - Permissions Required

25 Sep 2024, 17:15

Type Values Removed Values Added
Summary (en) Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. (en) Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
CWE CWE-312

08 Nov 2023, 01:48

Type Values Removed Values Added
References (MISC) https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 - (MISC) https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 - Permissions Required
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:*
CWE CWE-311
First Time Silabs
Silabs emberznet Sdk

26 Oct 2023, 15:32

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-26 14:15

Updated : 2024-11-21 08:20


NVD link : CVE-2023-41096

Mitre link : CVE-2023-41096

CVE.ORG link : CVE-2023-41096


JSON object : View

Products Affected

silabs

  • emberznet_sdk
CWE
CWE-312

Cleartext Storage of Sensitive Information

CWE-311

Missing Encryption of Sensitive Data