Search criteria
8 vulnerabilities found for 500 series by Silicon Labs
CVE-2020-9061 (GCVE-0-2020-9061)
Vulnerability from cvelistv5 – Published: 2022-01-07 04:30 – Updated: 2024-09-17 03:28
VLAI?
Summary
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.
Severity ?
No CVSS data available.
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ZooZ | ZST10 |
Affected:
6.04
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZST10",
"vendor": "ZooZ",
"versions": [
{
"status": "affected",
"version": "6.04"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "700 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "UZB-7",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "7.00"
}
]
},
{
"product": "STH-ETH-200",
"vendor": "Samsung",
"versions": [
{
"status": "affected",
"version": "6.04"
}
]
},
{
"product": "ZW090-A",
"vendor": "Aeon Labs",
"versions": [
{
"status": "affected",
"version": "3.95"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:16",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZST10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.04"
}
]
}
}
]
},
"vendor_name": "ZooZ"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "700 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "UZB-7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.00"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
},
{
"product": {
"product_data": [
{
"product_name": "STH-ETH-200",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.04"
}
]
}
}
]
},
"vendor_name": "Samsung"
},
{
"product": {
"product_data": [
{
"product_name": "ZW090-A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.95"
}
]
}
}
]
},
"vendor_name": "Aeon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9061",
"datePublished": "2022-01-07T04:30:29.498864Z",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-09-17T03:28:48.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9060 (GCVE-0-2020-9060)
Vulnerability from cvelistv5 – Published: 2022-01-07 04:30 – Updated: 2024-09-16 16:33
VLAI?
Summary
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZEN25",
"vendor": "ZooZ",
"versions": [
{
"status": "affected",
"version": "5.03"
}
]
},
{
"product": "ZEN20",
"vendor": "ZooZ",
"versions": [
{
"status": "affected",
"version": "5.03"
}
]
},
{
"product": "ZST10",
"vendor": "ZooZ",
"versions": [
{
"status": "affected",
"version": "6.04"
}
]
},
{
"product": "FGWPB-111",
"vendor": "Fibaro",
"versions": [
{
"status": "affected",
"version": "4.3"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ZW090-A",
"vendor": "Aeon Labs",
"versions": [
{
"status": "affected",
"version": "3.95"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:11",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZEN25",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.03"
}
]
}
},
{
"product_name": "ZEN20",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.03"
}
]
}
},
{
"product_name": "ZST10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.04"
}
]
}
}
]
},
"vendor_name": "ZooZ"
},
{
"product": {
"product_data": [
{
"product_name": "FGWPB-111",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.3"
}
]
}
}
]
},
"vendor_name": "Fibaro"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
},
{
"product": {
"product_data": [
{
"product_name": "ZW090-A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.95"
}
]
}
}
]
},
"vendor_name": "Aeon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9060",
"datePublished": "2022-01-07T04:30:28.026531Z",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-09-16T16:33:05.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9059 (GCVE-0-2020-9059)
Vulnerability from cvelistv5 – Published: 2022-01-07 04:30 – Updated: 2024-09-16 19:25
VLAI?
Summary
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schlage | BE468 |
Affected:
3.42
|
|||||||
|
|||||||||
Credits
Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BE468",
"vendor": "Schlage",
"versions": [
{
"status": "affected",
"version": "3.42"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:13",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BE468",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.42"
}
]
}
}
]
},
"vendor_name": "Schlage"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9059",
"datePublished": "2022-01-07T04:30:26.522128Z",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-09-16T19:25:18.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9058 (GCVE-0-2020-9058)
Vulnerability from cvelistv5 – Published: 2022-01-07 04:30 – Updated: 2024-09-16 23:41
VLAI?
Summary
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
Severity ?
No CVSS data available.
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Linear | LB60Z-1 |
Affected:
3.5
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LB60Z-1",
"vendor": "Linear",
"versions": [
{
"status": "affected",
"version": "3.5"
}
]
},
{
"product": "DM501",
"vendor": "Dome",
"versions": [
{
"status": "affected",
"version": "4.26"
}
]
},
{
"product": "ZW4201",
"vendor": "Jasco",
"versions": [
{
"status": "affected",
"version": "4.05"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:18",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LB60Z-1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.5"
}
]
}
}
]
},
"vendor_name": "Linear"
},
{
"product": {
"product_data": [
{
"product_name": "DM501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.26"
}
]
}
}
]
},
"vendor_name": "Dome"
},
{
"product": {
"product_data": [
{
"product_name": "ZW4201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.05"
}
]
}
}
]
},
"vendor_name": "Jasco"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9058",
"datePublished": "2022-01-07T04:30:25.088470Z",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-09-16T23:41:50.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9061 (GCVE-0-2020-9061)
Vulnerability from nvd – Published: 2022-01-07 04:30 – Updated: 2024-09-17 03:28
VLAI?
Summary
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.
Severity ?
No CVSS data available.
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ZooZ | ZST10 |
Affected:
6.04
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZST10",
"vendor": "ZooZ",
"versions": [
{
"status": "affected",
"version": "6.04"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "700 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "UZB-7",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "7.00"
}
]
},
{
"product": "STH-ETH-200",
"vendor": "Samsung",
"versions": [
{
"status": "affected",
"version": "6.04"
}
]
},
{
"product": "ZW090-A",
"vendor": "Aeon Labs",
"versions": [
{
"status": "affected",
"version": "3.95"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:16",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZST10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.04"
}
]
}
}
]
},
"vendor_name": "ZooZ"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "700 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "UZB-7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.00"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
},
{
"product": {
"product_data": [
{
"product_name": "STH-ETH-200",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.04"
}
]
}
}
]
},
"vendor_name": "Samsung"
},
{
"product": {
"product_data": [
{
"product_name": "ZW090-A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.95"
}
]
}
}
]
},
"vendor_name": "Aeon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9061",
"datePublished": "2022-01-07T04:30:29.498864Z",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-09-17T03:28:48.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9060 (GCVE-0-2020-9060)
Vulnerability from nvd – Published: 2022-01-07 04:30 – Updated: 2024-09-16 16:33
VLAI?
Summary
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZEN25",
"vendor": "ZooZ",
"versions": [
{
"status": "affected",
"version": "5.03"
}
]
},
{
"product": "ZEN20",
"vendor": "ZooZ",
"versions": [
{
"status": "affected",
"version": "5.03"
}
]
},
{
"product": "ZST10",
"vendor": "ZooZ",
"versions": [
{
"status": "affected",
"version": "6.04"
}
]
},
{
"product": "FGWPB-111",
"vendor": "Fibaro",
"versions": [
{
"status": "affected",
"version": "4.3"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ZW090-A",
"vendor": "Aeon Labs",
"versions": [
{
"status": "affected",
"version": "3.95"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:11",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZEN25",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.03"
}
]
}
},
{
"product_name": "ZEN20",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.03"
}
]
}
},
{
"product_name": "ZST10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.04"
}
]
}
}
]
},
"vendor_name": "ZooZ"
},
{
"product": {
"product_data": [
{
"product_name": "FGWPB-111",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.3"
}
]
}
}
]
},
"vendor_name": "Fibaro"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
},
{
"product": {
"product_data": [
{
"product_name": "ZW090-A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.95"
}
]
}
}
]
},
"vendor_name": "Aeon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9060",
"datePublished": "2022-01-07T04:30:28.026531Z",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-09-16T16:33:05.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9059 (GCVE-0-2020-9059)
Vulnerability from nvd – Published: 2022-01-07 04:30 – Updated: 2024-09-16 19:25
VLAI?
Summary
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schlage | BE468 |
Affected:
3.42
|
|||||||
|
|||||||||
Credits
Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BE468",
"vendor": "Schlage",
"versions": [
{
"status": "affected",
"version": "3.42"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:13",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BE468",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.42"
}
]
}
}
]
},
"vendor_name": "Schlage"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9059",
"datePublished": "2022-01-07T04:30:26.522128Z",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-09-16T19:25:18.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9058 (GCVE-0-2020-9058)
Vulnerability from nvd – Published: 2022-01-07 04:30 – Updated: 2024-09-16 23:41
VLAI?
Summary
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
Severity ?
No CVSS data available.
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Linear | LB60Z-1 |
Affected:
3.5
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LB60Z-1",
"vendor": "Linear",
"versions": [
{
"status": "affected",
"version": "3.5"
}
]
},
{
"product": "DM501",
"vendor": "Dome",
"versions": [
{
"status": "affected",
"version": "4.26"
}
]
},
{
"product": "ZW4201",
"vendor": "Jasco",
"versions": [
{
"status": "affected",
"version": "4.05"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:18",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LB60Z-1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.5"
}
]
}
}
]
},
"vendor_name": "Linear"
},
{
"product": {
"product_data": [
{
"product_name": "DM501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.26"
}
]
}
}
]
},
"vendor_name": "Dome"
},
{
"product": {
"product_data": [
{
"product_name": "ZW4201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.05"
}
]
}
}
]
},
"vendor_name": "Jasco"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9058",
"datePublished": "2022-01-07T04:30:25.088470Z",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-09-16T23:41:50.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}