CVE-2023-2747 - Vulnerability Details - OpenCVE

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00031.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Silabs	Gecko Software Development Kit

Configuration 1 [-]

cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-34208	The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1
https://github.com/SiliconLabs/gecko_sdk

History

Wed, 11 Dec 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Sep 2024 16:45:00 +0000

Type	Values Removed	Values Added
Description	The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.	The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
Weaknesses		CWE-1204

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2023-06-15T19:49:29.785Z

Updated: 2024-12-11T20:59:11.466Z

Reserved: 2023-05-16T20:15:31.493Z

Link: CVE-2023-2747

Vulnrichment

Updated: 2024-08-02T06:33:05.305Z

NVD

Status : Modified

Published: 2023-06-15T20:15:09.323

Modified: 2024-11-21T07:59:13.003

Link: CVE-2023-2747

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2747", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2023-05-16T20:15:31.493Z", "datePublished": "2023-06-15T19:49:29.785Z", "dateUpdated": "2024-12-11T20:59:11.466Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GSDK", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "2.2.1", "status": "affected", "version": "2.0.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div></div>\n\nThe initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. <div></div>"}], "value": "The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized."}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1204", "description": "CWE-1204 Generation of Weak Initialization Vector (IV)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-27T16:19:34.634Z"}, "references": [{"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1"}, {"url": "https://github.com/SiliconLabs/gecko_sdk"}], "source": {"discovery": "UNKNOWN"}, "title": "Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.305Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1", "tags": ["x_transferred"]}, {"url": "https://github.com/SiliconLabs/gecko_sdk", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-11T20:59:03.584000Z", "id": "CVE-2023-2747", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-11T20:59:11.466Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1", "tags": ["x_transferred"]}, {"url": "https://github.com/SiliconLabs/gecko_sdk", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.305Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2747", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-11T20:59:03.584000Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-11T20:59:08.018Z"}}], "cna": {"title": "Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "silabs.com", "product": "GSDK", "versions": [{"status": "affected", "version": "2.0.0", "versionType": "patch", "lessThanOrEqual": "2.2.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1"}, {"url": "https://github.com/SiliconLabs/gecko_sdk"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.", "supportingMedia": [{"type": "text/html", "value": "<div></div>\n\nThe initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. <div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1204", "description": "CWE-1204 Generation of Weak Initialization Vector (IV)"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-27T16:19:34.634Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2747", "state": "PUBLISHED", "dateUpdated": "2024-12-11T20:59:11.466Z", "dateReserved": "2023-05-16T20:15:31.493Z", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "datePublished": "2023-06-15T19:49:29.785Z", "assignerShortName": "Silabs"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF6CF6C2-B81D-4253-B0F5-695D357C5201", "versionEndExcluding": "2.2.1", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized."}], "id": "CVE-2023-2747", "lastModified": "2024-11-21T07:59:13.003", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 2.5, "source": "product-security@silabs.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-15T20:15:09.323", "references": [{"source": "product-security@silabs.com", "tags": ["Permissions Required"], "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1"}, {"source": "product-security@silabs.com", "tags": ["Product"], "url": "https://github.com/SiliconLabs/gecko_sdk"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/SiliconLabs/gecko_sdk"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1204"}], "source": "product-security@silabs.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}