CVEbaza.plSłownik CWECWE-1319
Common Weakness Enumeration

CWE-1319

Improper Protection against Electromagnetic Fault Injection (EM-FI)

Kategoria: BaseCVE: 6
Opis

Urządzenie jest podatne na ataki polegające na elektromagnetycznym wstrzykiwaniu błędów, co może prowadzić do kompromitacji wewnętrznych informacji urządzenia lub obejścia mechanizmów bezpieczeństwa. Taka podatność umożliwia osobom atakującym zakłócenie prawidłowego działania urządzenia poprzez emisję fal elektromagnetycznych.

Description (EN)

The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.

Podatności CVE z CWE-1319 (6)
9.8
CVSS
CRITICAL
CVE-2024-31510

Podatność w bibliotece Open Quantum Safe liboqs v.10.0 umożliwia zdalnemu atakującemu eskalację uprawnień poprzez manipulację parametrem crypto_sign_signature w komponencie ML-DSA. Ocena CVSS 9.8 (CRITICAL) wskazuje na wyjątkowo wysokie ryzyko, gdyż atak nie wymaga uwierzytelnienia ani interakcji użytkownika.

pub. 2024-05-24
9.3
CVSS
CRITICAL
CVE-2022-26131

Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals.

pub. 2022-03-10
8.6
CVSS
HIGH
CVE-2025-9709

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the hardware system possible.

pub. 2025-09-05
7.6
CVSS
HIGH
CVE-2022-42784

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version.

pub. 2023-12-12
7.5
CVSS
HIGH
CVE-2025-1566

DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.

pub. 2025-04-16
6.8
CVSS
MEDIUM
CVE-2023-5138

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.

pub. 2024-01-03
Informacje
ID: CWE-1319
Typ: Base
Podatności: 6
MITRE CWE ↗
← Słownik CWE