CVE-2023-2747 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.1 LOW	PHYSICAL	HIGH	NONE	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Silabs	CNA	3.1 LOW	PHYSICAL	HIGH	NONE	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Affected Products (NVD)

Vendor	Product	Version
silabs	gecko_software_development_kit	2.0.0 ≤ 𝑥 < 2.2.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-1204 - Generation of Weak Initialization Vector (IV)
The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.
CWE-908 - Use of Uninitialized Resource
The software uses or accesses a resource that has not been initialized.

References

https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1

https://github.com/SiliconLabs/gecko_sdk

https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1

https://github.com/SiliconLabs/gecko_sdk