Silabs: Security Vulnerabilities
An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-12-10
Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions.
CVSS Score
4.6
EPSS Score
0.001
Published
2024-12-10
Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the debug interface. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
Was ZDI-CAN-23184
CVSS Score
8.8
EPSS Score
0.018
Published
2024-09-28
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0.
CVSS Score
3.1
EPSS Score
0.001
Published
2024-07-12
Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-02-23
High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-02-23
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.
CVSS Score
6.2
EPSS Score
0.0
Published
2024-02-23
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-02-21
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-02-21
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-02-21