CWE-1247
Improper Protection Against Voltage and Clock Glitches
The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.
CVE-2022-31224 (GCVE-0-2022-31224)
Vulnerability from cvelistv5
Published
2022-09-12 18:35
Modified
2024-09-17 02:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1247 - Improper Protection Against Voltage and Clock Glitches
Summary
Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000202196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "21Q4 platforms",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1247",
"description": "CWE-1247: Improper Protection Against Voltage and Clock Glitches",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-12T18:35:20",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000202196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-08-05",
"ID": "CVE-2022-31224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPG BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "21Q4 platforms"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system."
}
]
},
"impact": {
"cvss": {
"baseScore": 2,
"baseSeverity": "Low",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1247: Improper Protection Against Voltage and Clock Glitches"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000202196",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000202196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-31224",
"datePublished": "2022-09-12T18:35:20.980464Z",
"dateReserved": "2022-05-19T00:00:00",
"dateUpdated": "2024-09-17T02:01:23.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4760 (GCVE-0-2024-4760)
Vulnerability from cvelistv5
Published
2024-05-16 13:07
Modified
2025-06-06 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1247 - Improper Protection Against Voltage and Clock Glitches
Summary
A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microchip | SAME70 |
Version: 0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:amtel:same70:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "same70",
"vendor": "amtel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:amtel:sams70:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sams70",
"vendor": "amtel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:amtel:samv70:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "samv70",
"vendor": "amtel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:amtel:samv71:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "samv71",
"vendor": "amtel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:22:40.820250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:53:31.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SAME70",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "affected",
"product": "SAMS70",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "affected",
"product": "SAMV70",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "affected",
"product": "SAMV71",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAMG55",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM4C",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM4S",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM4N",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM4E",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM3S",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM3N",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM3U",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Physical control of the VDDCore pins\u003cbr\u003e"
}
],
"value": "Physical control of the VDDCore pins"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Waleed Alzamil"
},
{
"lang": "en",
"type": "finder",
"value": "Bandar Alharbi"
},
{
"lang": "en",
"type": "finder",
"value": "Meshari Alhammadi"
}
],
"datePublic": "2024-05-16T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM\u0026nbsp;4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers\u0026nbsp;allows access to the memory bus via the debug interface even if the security bit is set."
}
],
"value": "A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM\u00a04C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers\u00a0allows access to the memory bus via the debug interface even if the security bit is set."
}
],
"impacts": [
{
"capecId": "CAPEC-624",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-624: Hardware Fault Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1247",
"description": "CWE-1247: Improper Protection Against Voltage and Clock Glitches",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T15:08:03.023Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ww1.microchip.com/downloads/aemDocuments/documents/MCU32/ProductDocuments/SupportingCollateral/Security-Advisory-CVE-2024-4760.pdf"
}
],
"source": {
"advisory": "PSIRT-73",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-02-15T17:19:00.000Z",
"value": "Initial report"
},
{
"lang": "en",
"time": "2025-06-06T07:00:00.000Z",
"value": "Vendor Advisory issued"
}
],
"title": "Voltage glitch during startup of the EEFC NVM controller can bypass the security bit",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please contact Microchip to obtain the appropriate patch for your devices, which are available as binary code\u003cbr\u003eupdates."
}
],
"value": "Please contact Microchip to obtain the appropriate patch for your devices, which are available as binary code\nupdates."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-4760",
"datePublished": "2024-05-16T13:07:57.462Z",
"dateReserved": "2024-05-10T15:18:00.908Z",
"dateUpdated": "2025-06-06T15:08:03.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- At the circuit-level, using Tunable Replica Circuits (TRCs) or special flip-flops such as Razor flip-flops helps mitigate glitch attacks. Working at the SoC or platform base, level sensors may be implemented to detect glitches. Implementing redundancy in security-sensitive code (e.g., where checks are performed)also can help with mitigation of glitch attacks.
CAPEC-624: Hardware Fault Injection
The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.
CAPEC-625: Mobile Device Fault Injection
Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.