
CVE-2023-5138: CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI) in silabs.com GSDK

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2023-5138, cwe-1319
Published: Wed Jan 03 2024 (01/03/2024, 22:31:04 UTC)
Source: CVE Database V5
Vendor/Project: silabs.com
Product: GSDK

Description

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.

AI-Powered Analysis

Last updated: 07/04/2025, 02:25:29 UTC

Technical Analysis

CVE-2023-5138 is a vulnerability identified in Silicon Labs' GSDK (Gecko SDK) version 1.0, specifically affecting the Cortex-M33 core used in Silicon Labs' Secure Vault High parts EFx32xG2xB, excluding the EFR32xG21B series. The vulnerability stems from the fact that glitch detection mechanisms, which are designed to detect and mitigate electromagnetic fault injection (EM-FI) attacks, are not enabled by default. Electromagnetic fault injection is a sophisticated attack technique where an attacker induces faults in a device's operation by exposing it to carefully controlled electromagnetic interference. This can cause the device to behave unpredictably, potentially bypassing security controls or corrupting sensitive operations. The CWE-1319 classification highlights improper protection against such fault injection attacks.

The CVSS v3.1 base score of 6.8 (medium severity) reflects the vulnerability's characteristics: it requires physical access (Attack Vector: Physical), has low attack complexity, needs no privileges or user interaction, and impacts confidentiality, integrity, and availability to a high degree. However, the physical access requirement limits the attack surface.

The vulnerability affects critical security features of Silicon Labs' secure microcontrollers, which are often used in IoT, industrial control, and embedded security applications. Because glitch detection is not enabled by default, devices remain vulnerable to fault injection attacks that can compromise cryptographic operations, secure key storage, or firmware integrity unless developers explicitly activate these protections. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may require configuration changes or firmware updates from Silicon Labs. This vulnerability underscores the importance of enabling hardware-level protections against fault injection in security-critical embedded systems.

Potential Impact

For European organizations, the impact of CVE-2023-5138 can be significant, particularly for industries relying on Silicon Labs' secure microcontrollers in critical infrastructure, IoT deployments, and industrial automation. Successful exploitation could lead to unauthorized disclosure of sensitive data (confidentiality impact), manipulation of device behavior (integrity impact), and potential denial of service (availability impact). This could compromise the security of connected devices, leading to broader network infiltration or disruption of services. Given the physical access requirement, the threat is more relevant in environments where devices are deployed in accessible or unprotected locations, such as smart city infrastructure, manufacturing plants, or remote monitoring systems. The medium severity rating suggests that while the vulnerability is serious, the attack complexity and physical access requirement reduce the likelihood of widespread exploitation. However, the strategic importance of affected devices in sectors like energy, transportation, and healthcare in Europe means that targeted attacks could have outsized consequences. Additionally, the lack of default glitch detection increases the risk that devices are shipped or deployed in vulnerable configurations, raising the potential exposure.

Mitigation Recommendations

To mitigate CVE-2023-5138 effectively, European organizations should:

1) Review and update device firmware and configurations to ensure glitch detection features are explicitly enabled on all affected Silicon Labs microcontrollers, particularly the EFx32xG2xB series.
2) Engage with Silicon Labs for official patches or updated SDK versions that enable glitch detection by default or provide enhanced fault injection protections.
3) Implement physical security controls to restrict unauthorized physical access to devices, including tamper-evident seals, secure enclosures, and monitored access in sensitive deployments.
4) Conduct security audits and penetration testing focusing on fault injection resistance, especially for devices deployed in critical environments.
5) Monitor vendor advisories and threat intelligence feeds for updates on exploit developments or additional mitigations.
6) For new deployments, consider hardware alternatives or configurations that have glitch detection enabled by default or stronger fault injection countermeasures.
7) Incorporate fault injection attack awareness into security training for embedded system developers and operational staff to ensure proper configuration and handling.


Technical Details

Data Version: 5.1
Assigner Short Name: Silabs
Date Reserved: 2023-09-22T21:13:46.220Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683f0dc2182aa0cae27ff3d7

Added to database: 6/3/2025, 2:59:14 PM

Last enriched: 7/4/2025, 2:25:29 AM

Last updated: 8/14/2025, 8:34:51 PM
