ICS-CERT AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In the goTenna Pro application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted communications that include P2P, Group, and broadcast messages that use these keys.

In the goTenna Pro App, the encryption keys are stored along with a 
static IV on the End User Device (EUD). This allows for complete 
decryption of keys stored on the EUD if physically compromised. This 
allows an attacker to decrypt all encrypted broadcast communications 
based on encryption keys stored on the EUD. This requires access to and 
control of the EUD, so it is recommended to use strong access control 
measures and layered encryption on the EUD for more secure operation.

OR
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:* versions up to (including) 1.6.1
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:* versions up to (excluding) 2.0.3

OR
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:* versions up to (including) 1.6.1

OR
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:* versions up to (including) 1.6.1

NIST AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 No Types Assigned

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 Third Party Advisory, US Government Resource

ICS-CERT CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

ICS-CERT CWE-922

In the goTenna Pro application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted communications that include P2P, Group, and broadcast messages that use these keys.

ICS-CERT https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 [No types assigned]