Search criteria
4 vulnerabilities found for be468 by schlage
VAR-202201-0275
Vulnerability from variot - Updated: 2023-12-18 12:34Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Some of these vulnerabilities are inherent in Z-Wave protocol specifications.CVE-2020-10137 Unknown CVE-2020-9057 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. CVE-2020-9058 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 can encrypt application data. CVE-2020-9059 Affected Vendor Statement: This is a known weakness with S0 security. CVE-2020-9060 Affected Vendor Statement: This is a known weakness with S2 security. CVE-2020-9061 Affected Vendor Statement: This is a known weakness with S0 and S2 security.CVE-2020-10137 Unknown CVE-2020-9057 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. CVE-2020-9058 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 can encrypt application data. CVE-2020-9059 Affected Vendor Statement: This is a known weakness with S0 security. CVE-2020-9060 Affected Vendor Statement: This is a known weakness with S2 security. CVE-2020-9061 Affected Vendor Statement: This is a known weakness with S0 and S2 security
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0275",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "be468",
"scope": "eq",
"trust": 1.0,
"vendor": "schlage",
"version": "3.42"
},
{
"model": "500 series",
"scope": "eq",
"trust": 1.0,
"vendor": "silabs",
"version": "*"
},
{
"model": "500 \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "silicon",
"version": null
},
{
"model": "be468",
"scope": null,
"trust": 0.8,
"vendor": "schlage",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9059"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Timur Snoke and Art Manion.Statement Date:\u00a0\u00a0 June 30, 2020",
"sources": [
{
"db": "CERT/CC",
"id": "VU#142629"
}
],
"trust": 0.8
},
"cve": "CVE-2020-9059",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-9059",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-187184",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-9059",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9059",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-579",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-187184",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Some of these vulnerabilities are inherent in Z-Wave protocol specifications.CVE-2020-10137 Unknown\nCVE-2020-9057 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. \nCVE-2020-9058 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic. S0 and S2 can encrypt application data. \nCVE-2020-9059 Affected\nVendor Statement:\nThis is a known weakness with S0 security. \nCVE-2020-9060 Affected\nVendor Statement:\nThis is a known weakness with S2 security. \nCVE-2020-9061 Affected\nVendor Statement:\nThis is a known weakness with S0 and S2 security.CVE-2020-10137 Unknown\nCVE-2020-9057 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. \nCVE-2020-9058 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic. S0 and S2 can encrypt application data. \nCVE-2020-9059 Affected\nVendor Statement:\nThis is a known weakness with S0 security. \nCVE-2020-9060 Affected\nVendor Statement:\nThis is a known weakness with S2 security. \nCVE-2020-9061 Affected\nVendor Statement:\nThis is a known weakness with S0 and S2 security",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"db": "CERT/CC",
"id": "VU#142629"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "VULHUB",
"id": "VHN-187184"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9059",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#142629",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU94598199",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-187184",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9059",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#142629"
},
{
"db": "VULHUB",
"id": "VHN-187184"
},
{
"db": "VULMON",
"id": "CVE-2020-9059"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"id": "VAR-202201-0275",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187184"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:34:41.692000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Silicon\u00a0Labs,\u00a0Inc.Silicon\u00a0Labs,\u00a0Inc.",
"trust": 0.8,
"url": "https://www.schlage.com/en/home.html"
},
{
"title": "Silicon Labs Z-Wave Chipsets Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178622"
},
{
"title": "VFuzz-public",
"trust": 0.1,
"url": "https://github.com/cnk2100/vfuzz-public "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-9059"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/cnk2100/vfuzz-public"
},
{
"trust": 2.5,
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"trust": 2.5,
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"trust": 1.7,
"url": "https://www.kb.cert.org/vuls/id/142629"
},
{
"trust": 1.7,
"url": "https://doi.org/10.1109/access.2021.3138768"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9059"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94598199/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187184"
},
{
"db": "VULMON",
"id": "CVE-2020-9059"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#142629"
},
{
"db": "VULHUB",
"id": "VHN-187184"
},
{
"db": "VULMON",
"id": "CVE-2020-9059"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-07T00:00:00",
"db": "CERT/CC",
"id": "VU#142629"
},
{
"date": "2022-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-187184"
},
{
"date": "2023-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"date": "2022-01-10T14:10:16.303000",
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-09T00:00:00",
"db": "CERT/CC",
"id": "VU#142629"
},
{
"date": "2022-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-187184"
},
{
"date": "2023-02-10T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"date": "2022-09-20T17:16:54.653000",
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"date": "2022-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Silicon Labs Z-Wave chipsets contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#142629"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
],
"trust": 0.6
}
}
FKIE_CVE-2020-9059
Vulnerability from fkie_nvd - Published: 2022-01-10 14:10 - Updated: 2024-11-21 05:39
Severity ?
Summary
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | https://doi.org/10.1109/ACCESS.2021.3138768 | Broken Link | |
| cret@cert.org | https://github.com/CNK2100/VFuzz-public | Third Party Advisory | |
| cret@cert.org | https://ieeexplore.ieee.org/document/9663293 | Broken Link | |
| cret@cert.org | https://kb.cert.org/vuls/id/142629 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/142629 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doi.org/10.1109/ACCESS.2021.3138768 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/CNK2100/VFuzz-public | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ieeexplore.ieee.org/document/9663293 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/142629 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/142629 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silabs | 500_series_firmware | * | |
| schlage | be468 | 3.42 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92760285-A1DD-4569-AD71-834BBF2D9E64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "D07734B8-CA19-4F62-A0AF-1DB87FCBA667",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
},
{
"lang": "es",
"value": "Los dispositivos Z-Wave basados en los conjuntos de chips de la serie 500 de Silicon Labs que usan la autenticaci\u00f3n S0 son susceptibles a un consumo de recursos no controlados, conllevando a un agotamiento de la bater\u00eda. Como ejemplo, la cerradura de puerta Schlage BE468 versi\u00f3n 3.42 es vulnerable y falla al abrirse con un nivel bajo de bater\u00eda"
}
],
"id": "CVE-2020-9059",
"lastModified": "2024-11-21T05:39:55.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-10T14:10:16.303",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Broken Link"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"source": "cret@cert.org",
"tags": [
"Broken Link"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-9059 (GCVE-0-2020-9059)
Vulnerability from cvelistv5 – Published: 2022-01-07 04:30 – Updated: 2024-09-16 19:25
VLAI?
Summary
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schlage | BE468 |
Affected:
3.42
|
|||||||
|
|||||||||
Credits
Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BE468",
"vendor": "Schlage",
"versions": [
{
"status": "affected",
"version": "3.42"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:13",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BE468",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.42"
}
]
}
}
]
},
"vendor_name": "Schlage"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9059",
"datePublished": "2022-01-07T04:30:26.522128Z",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-09-16T19:25:18.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9059 (GCVE-0-2020-9059)
Vulnerability from nvd – Published: 2022-01-07 04:30 – Updated: 2024-09-16 19:25
VLAI?
Summary
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schlage | BE468 |
Affected:
3.42
|
|||||||
|
|||||||||
Credits
Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BE468",
"vendor": "Schlage",
"versions": [
{
"status": "affected",
"version": "3.42"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:13",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BE468",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.42"
}
]
}
}
]
},
"vendor_name": "Schlage"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9059",
"datePublished": "2022-01-07T04:30:26.522128Z",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-09-16T19:25:18.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}