Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HSilabs Z Wave Pc Based Controller
APPSilabs≤ 5.54
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2023-6640MEDIUM6.5ten sam produkt
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.
CVE-2023-45318CRITICAL10.0PL ✓ten sam vendor
Heap-based buffer overflow w serwerze HTTP biblioteki uC-HTTP — RCE
CVE-2023-4280CRITICAL9.3PL ✓ten sam vendor
Silabs Gecko SDK: dostęp do pamięci TrustZone z niezaufanego regionu
CVE-2023-4020CRITICAL9.0PL ✓ten sam vendor
Błąd walidacji wejścia w TrustZone SDK Silicon Labs — dostęp do pamięci bezpiecznej
CVE-2023-27882CRITICAL9.0ten sam vendor
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Emb...