Overview
- Description
- On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover a data value. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is no security impact: the only potentially leaked information is the number of characters in the PIN.
- Source
- cve@mitre.org
- NVD status
- Modified
- CNA Tags
- disputed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 2.4
- Impact score
- 1.4
- Exploitability score
- 0.9
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-203
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:real-sec:bc_vault_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F35BBFAA-15E0-493E-ACED-BC122E86796D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:real-sec:bc_vault:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE7679D3-F4F1-46D7-BC47-D0B461C72C46"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]