PT-2024-35944 · Unknown · Cpci85 Central Processing/Communication

Constantin Schieber-Knöbl +3 · Published 2024-12-10 · Updated 2024-12-10 · CVE-2024-53832

CVSS v3.1: 4.6 Medium
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V05.30
Description: A vulnerability has been identified in the CPCI85 Central Processing/Communication devices. The affected devices contain a secure element connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files.
Recommendations: For versions prior to V05.30, consider restricting physical access to the SPI bus as a temporary mitigation measure until a patch is available. Additionally, avoid using the secure element for authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Insufficiently Protected Credentials
Related Identifiers: CVE-2024-53832
Affected Products: Cpci85 Central Processing/Communication