Severity by source
CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Physical access for power traces (AV:P), prior code execution (PR:H), and DPA expertise/equipment (AC:H); only key confidentiality is impacted (C:H) and extracted keys affect other systems (S:C).
Primary rating from Vendor (Silabs).
CVSS VectorVendor: Silabs
CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing).
DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device.
- Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended
AnalysisAI
Reduced cryptographic key protection in Silicon Labs' SiXG301 SYMCRYPTO hardware engine (exposed via the Simplicity SDK PSA crypto library) allows an attacker who already has on-device code execution to weaken the engine's Differential Power Analysis (DPA) countermeasures by forcing low-entropy seed values, making AES/hashing keys far easier to recover through subsequent power-analysis side-channel attacks. The flaw affects embedded systems built on the SiXG301 SoC and was reported by Silicon Labs. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two concrete, chained prerequisites explicitly drawn from the description and CVSS vector: (1) the attacker must first gain arbitrary code execution on the impacted SiXG301 device in order to force the specific low-entropy seed values that weaken SYMCRYPTO's DPA countermeasures (PR:H), and (2) physical access to the device to perform the actual Differential Power Analysis power-trace capture needed to extract the now-less-protected AES/hashing keys (AV:P). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 vector (CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H, base 7.1) frames this realistically as a high-privilege, physical-access, side-channel weakness rather than a remotely weaponizable bug. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already achieved code execution on a SiXG301-based device (e.g., via a separate firmware flaw or supply-chain implant) executes code that forces SYMCRYPTO's DPA countermeasure seeds to low-entropy values, then attaches power-measurement probes and collects traces while the device performs AES operations. Using standard DPA correlation, they recover the symmetric keys loaded in the engine, compromising data confidentiality and any trust anchored on those keys. … |
| Remediation | No vendor-released patch version is identified in the available data; consult the Silicon Labs advisory at https://community.silabs.com/068Vm00000sjHs3 for the official fix and apply the vendor-recommended SDK/firmware update for the SiXG301 once a fixed version is published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all deployed systems using Silicon Labs SiXG301 SYMCRYPTO engine via product documentation and BOM review. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Simplicity Sdk
View allSame weakness CWE-331 – Insufficient Entropy
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39534
GHSA-7ccr-fw66-p8jj