Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Z-Wave SDK by Silicon Labs

    CVE-2024-22472 (GCVE-0-2024-22472)

    Vulnerability from nvd – Published: 2024-05-07 05:17 – Updated: 2024-08-01 22:51
    VLAI
    Title
    Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow
    Summary
    A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Silicon Labs Z-Wave SDK Affected: 0 , < 6.85.2 (semver)
    Create a notification for this product.
    silabs z-wave_software_development_kit Affected: 0 , < 6.85.2 (semver)
        cpe:2.3:a:silabs:z-wave_software_development_kit:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:silabs:z-wave_software_development_kit:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z-wave_software_development_kit",
                "vendor": "silabs",
                "versions": [
                  {
                    "lessThan": "6.85.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T15:45:43.968246Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:52:56.713Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:51:09.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.silabs.com/068Vm000004rZwm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Z-Wave SDK",
                "500 Series Z-Wave Devices"
              ],
              "platforms": [
                "ARM"
              ],
              "product": "Z-Wave SDK",
              "repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "lessThan": "6.85.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eA buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution\u003c/p\u003e\u003cp\u003eThis issue affects all versions of Silicon Labs\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e500 Series SDK prior to v6.85.2\u003c/span\u003e\n\nrunning on Silicon Labs 500 series Z-wave devices.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nA buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution\n\nThis issue affects all versions of Silicon Labs\u00a0500 Series SDK prior to v6.85.2\n\nrunning on Silicon Labs 500 series Z-wave devices.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            },
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T05:17:26.626Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "url": "https://community.silabs.com/068Vm000004rZwm"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2024-22472",
        "datePublished": "2024-05-07T05:17:26.626Z",
        "dateReserved": "2024-01-10T19:20:24.393Z",
        "dateUpdated": "2024-08-01T22:51:09.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-51395 (GCVE-0-2023-51395)

    Vulnerability from nvd – Published: 2024-03-07 04:50 – Updated: 2024-09-25 16:03
    VLAI
    Title
    Z-Wave S0 Decryption Vulnerability in End Devices
    Summary
    The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Silicon Labs Z-Wave SDK Unaffected: 7.20.0
    Unaffected: 7.19.3
    Unaffected: 7.18.8
    Unaffected: 7.17.5
    Create a notification for this product.
    silabs z-wave_software_development_kit Unaffected: 0 , < 7.17.5 (custom)
    Unaffected: 7.18.0 , < 7.18.8 (custom)
    Unaffected: 7.19.0 , < 7.19.3 (custom)
        cpe:2.3:h:silabs:z-wave_software_development_kit:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:32:09.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.silabs.com/068Vm0000029Xq5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:silabs:z-wave_software_development_kit:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "z-wave_software_development_kit",
                "vendor": "silabs",
                "versions": [
                  {
                    "lessThan": "7.17.5",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.18.8",
                    "status": "unaffected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.3",
                    "status": "unaffected",
                    "version": "7.19.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-51395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T16:36:30.844451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T16:44:12.424Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "Z-Wave SDK",
              "platforms": [
                "ARM",
                "32 bit"
              ],
              "product": "Z-Wave SDK",
              "repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "7.20.0"
                },
                {
                  "status": "unaffected",
                  "version": "7.19.3"
                },
                {
                  "status": "unaffected",
                  "version": "7.18.8"
                },
                {
                  "status": "unaffected",
                  "version": "7.17.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.\u003c/span\u003e"
                }
              ],
              "value": "The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-25T16:03:46.409Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "url": "https://community.silabs.com/068Vm0000029Xq5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Z-Wave S0 Decryption Vulnerability in End Devices",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2023-51395",
        "datePublished": "2024-03-07T04:50:54.651Z",
        "dateReserved": "2023-12-18T20:56:24.812Z",
        "dateUpdated": "2024-09-25T16:03:46.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22472 (GCVE-0-2024-22472)

    Vulnerability from cvelistv5 – Published: 2024-05-07 05:17 – Updated: 2024-08-01 22:51
    VLAI
    Title
    Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow
    Summary
    A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Silicon Labs Z-Wave SDK Affected: 0 , < 6.85.2 (semver)
    Create a notification for this product.
    silabs z-wave_software_development_kit Affected: 0 , < 6.85.2 (semver)
        cpe:2.3:a:silabs:z-wave_software_development_kit:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:silabs:z-wave_software_development_kit:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z-wave_software_development_kit",
                "vendor": "silabs",
                "versions": [
                  {
                    "lessThan": "6.85.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T15:45:43.968246Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:52:56.713Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:51:09.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.silabs.com/068Vm000004rZwm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Z-Wave SDK",
                "500 Series Z-Wave Devices"
              ],
              "platforms": [
                "ARM"
              ],
              "product": "Z-Wave SDK",
              "repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "lessThan": "6.85.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eA buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution\u003c/p\u003e\u003cp\u003eThis issue affects all versions of Silicon Labs\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e500 Series SDK prior to v6.85.2\u003c/span\u003e\n\nrunning on Silicon Labs 500 series Z-wave devices.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nA buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution\n\nThis issue affects all versions of Silicon Labs\u00a0500 Series SDK prior to v6.85.2\n\nrunning on Silicon Labs 500 series Z-wave devices.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            },
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T05:17:26.626Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "url": "https://community.silabs.com/068Vm000004rZwm"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2024-22472",
        "datePublished": "2024-05-07T05:17:26.626Z",
        "dateReserved": "2024-01-10T19:20:24.393Z",
        "dateUpdated": "2024-08-01T22:51:09.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-51395 (GCVE-0-2023-51395)

    Vulnerability from cvelistv5 – Published: 2024-03-07 04:50 – Updated: 2024-09-25 16:03
    VLAI
    Title
    Z-Wave S0 Decryption Vulnerability in End Devices
    Summary
    The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Silicon Labs Z-Wave SDK Unaffected: 7.20.0
    Unaffected: 7.19.3
    Unaffected: 7.18.8
    Unaffected: 7.17.5
    Create a notification for this product.
    silabs z-wave_software_development_kit Unaffected: 0 , < 7.17.5 (custom)
    Unaffected: 7.18.0 , < 7.18.8 (custom)
    Unaffected: 7.19.0 , < 7.19.3 (custom)
        cpe:2.3:h:silabs:z-wave_software_development_kit:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:32:09.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.silabs.com/068Vm0000029Xq5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:silabs:z-wave_software_development_kit:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "z-wave_software_development_kit",
                "vendor": "silabs",
                "versions": [
                  {
                    "lessThan": "7.17.5",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.18.8",
                    "status": "unaffected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.3",
                    "status": "unaffected",
                    "version": "7.19.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-51395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T16:36:30.844451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T16:44:12.424Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "Z-Wave SDK",
              "platforms": [
                "ARM",
                "32 bit"
              ],
              "product": "Z-Wave SDK",
              "repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "7.20.0"
                },
                {
                  "status": "unaffected",
                  "version": "7.19.3"
                },
                {
                  "status": "unaffected",
                  "version": "7.18.8"
                },
                {
                  "status": "unaffected",
                  "version": "7.17.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.\u003c/span\u003e"
                }
              ],
              "value": "The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-25T16:03:46.409Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "url": "https://community.silabs.com/068Vm0000029Xq5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Z-Wave S0 Decryption Vulnerability in End Devices",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2023-51395",
        "datePublished": "2024-03-07T04:50:54.651Z",
        "dateReserved": "2023-12-18T20:56:24.812Z",
        "dateUpdated": "2024-09-25T16:03:46.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }