Skip to main content

Simplicity Sdk

2 CVEs product

Monthly

CVE-2026-4930 HIGH This Week

Reduced cryptographic key protection in Silicon Labs' SiXG301 SYMCRYPTO hardware engine (exposed via the Simplicity SDK PSA crypto library) allows an attacker who already has on-device code execution to weaken the engine's Differential Power Analysis (DPA) countermeasures by forcing low-entropy seed values, making AES/hashing keys far easier to recover through subsequent power-analysis side-channel attacks. The flaw affects embedded systems built on the SiXG301 SoC and was reported by Silicon Labs. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation also requires physical access to the device for the power measurements.

RCE Simplicity Sdk
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-8676 HIGH PATCH This Week

Bluetooth LE bond downgrade in Silicon Labs Simplicity SDK allows an adjacent attacker to weaken connection security by deleting an existing bond, impersonating the previously bonded peer, and forcing a new pairing under attacker-controlled parameters. The flaw enables compromise of confidentiality, integrity, and availability of BLE communications on devices built with the affected SDK, and no public exploit has been identified at time of analysis.

Authentication Bypass Simplicity Sdk
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Reduced cryptographic key protection in Silicon Labs' SiXG301 SYMCRYPTO hardware engine (exposed via the Simplicity SDK PSA crypto library) allows an attacker who already has on-device code execution to weaken the engine's Differential Power Analysis (DPA) countermeasures by forcing low-entropy seed values, making AES/hashing keys far easier to recover through subsequent power-analysis side-channel attacks. The flaw affects embedded systems built on the SiXG301 SoC and was reported by Silicon Labs. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation also requires physical access to the device for the power measurements.

RCE Simplicity Sdk
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Bluetooth LE bond downgrade in Silicon Labs Simplicity SDK allows an adjacent attacker to weaken connection security by deleting an existing bond, impersonating the previously bonded peer, and forcing a new pairing under attacker-controlled parameters. The flaw enables compromise of confidentiality, integrity, and availability of BLE communications on devices built with the affected SDK, and no public exploit has been identified at time of analysis.

Authentication Bypass Simplicity Sdk
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy