Description
SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing).


DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device.

* Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended
Published: 2026-06-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SYMCRYPTO is the host side hardware engine on SiXG301 devices, accelerated by the PSA crypto library for symmetric encryption and hashing. The DPA countermeasures implemented in SYMCRYPTO can be weakened by forcing particular seed values when an attacker has gained code execution on the device. This reduction in entropy allows the cryptographic keys loaded onto SYMCRYPTO to become more susceptible to extraction through differential power analysis attacks than originally intended.

Affected Systems

The vulnerability affects devices running the Simplicity SDK on the SiXG301 Series 3 family. No specific version ranges are enumerated in the available data, so any device using the affected firmware snapshot is potentially impacted.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity, but the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires local or remote code execution to manipulate the seed values that influence the DPA countermeasures. Once those countermeasures are reduced, an attacker can perform side‑channel key extraction attacks more feasibly, compromising the confidentiality of the cryptographic keys stored on the device.

Generated by OpenCVE AI on June 25, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to the latest Simplicity SDK release that fixes the countermeasure weakening
  • Restrict or prevent unauthorized code execution on the device, for example by enforcing secure boot or limiting write access to executable memory
  • Conduct regular side‑channel testing or monitor power consumption patterns for anomalous activity; if significant deviations are detected, immediately isolate or replace the affected device

Generated by OpenCVE AI on June 25, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Silabs
Silabs simplicity Sdk
Vendors & Products Silabs
Silabs simplicity Sdk

Thu, 25 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 25 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device. * Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended
Title DPA Countermeasures weakening on Series 3 devices
Weaknesses CWE-331
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}

Subscriptions

Silabs Simplicity Sdk
cve-icon MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-06-25T19:03:41.047Z

Reserved: 2026-03-26T19:20:56.943Z

Link: CVE-2026-4930

cve-icon Vulnrichment

Updated: 2026-06-25T19:03:18.781Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T07:15:16Z

Weaknesses