CVE-2023-41096

Summary

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.

This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.

Affected Software

VendorProductVersion RangeStatus
silabs.comEmber ZNet SDK7.3.2unaffected

Weaknesses

  • CWE-312: CWE-312 Cleartext Storage of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References