{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2502", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2024-03-15T13:34:41.105Z", "datePublished": "2024-08-29T22:06:59.299Z", "dateUpdated": "2024-08-30T14:54:03.128Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "SiSDK/GSDK", "product": "SE Firmware", "repo": "https://github.com/SiliconLabs/simplicity_sdk", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "2.2.5", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.</span>\n\nThis is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later.&nbsp;"}], "value": "An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.\n\nThis is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later."}], "impacts": [{"capecId": "CAPEC-440", "descriptions": [{"lang": "en", "value": "CAPEC-440 Hardware Integrity Attack"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-08-29T22:06:59.299Z"}, "references": [{"tags": ["vendor-advisory", "permissions-required"], "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/069Vm00000BYb5HIAT?operationContext=S1"}], "source": {"discovery": "UNKNOWN"}, "title": "Failure to update the tamper reset cause register when a tamper event occurs", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T14:53:47.923088Z", "id": "CVE-2024-2502", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T14:54:03.128Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2502", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-30T14:53:47.923088Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T14:53:57.399Z"}}], "cna": {"title": "Failure to update the tamper reset cause register when a tamper event occurs", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-440", "descriptions": [{"lang": "en", "value": "CAPEC-440 Hardware Integrity Attack"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/SiliconLabs/simplicity_sdk", "vendor": "silabs.com", "product": "SE Firmware", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.2.5"}], "packageName": "SiSDK/GSDK", "defaultStatus": "unaffected"}], "references": [{"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/069Vm00000BYb5HIAT?operationContext=S1", "tags": ["vendor-advisory", "permissions-required"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.\n\nThis is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.</span>\n\nThis is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later.&nbsp;", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-08-29T22:06:59.299Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2502", "state": "PUBLISHED", "dateUpdated": "2024-08-30T14:54:03.128Z", "dateReserved": "2024-03-15T13:34:41.105Z", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "datePublished": "2024-08-29T22:06:59.299Z", "assignerShortName": "Silabs"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.\n\nThis is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later."}, {"lang": "es", "value": "Se puede configurar una aplicaci\u00f3n para bloquear los intentos de arranque despu\u00e9s de detectar reinicios de manipulaci\u00f3n consecutivos, lo que puede no ocurrir como se espera. Esto es posible porque el registro TAMPERRSTCAUSE puede no actualizarse correctamente cuando se produce un evento de manipulaci\u00f3n de nivel 4 (un reinicio de manipulaci\u00f3n). Esto afecta a los dispositivos HSE-SVH de la serie 2, incluidos xG23B, xG24B, xG25B y xG28B, pero no afecta a xG21B. Para mitigar este problema, actualice a la versi\u00f3n 2.2.6 del firmware SE o posterior."}], "id": "CVE-2024-2502", "lastModified": "2024-08-30T13:00:05.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "product-security@silabs.com", "type": "Secondary"}]}, "published": "2024-08-29T22:15:05.153", "references": [{"source": "product-security@silabs.com", "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/069Vm00000BYb5HIAT?operationContext=S1"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "product-security@silabs.com", "type": "Secondary"}]}

{}