Refine your search
1 vulnerability found for by Schlage
CVE-2020-9059 (GCVE-0-2020-9059)
Vulnerability from cvelistv5
Published
2022-01-07 04:30
Modified
2024-09-16 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schlage | BE468 |
Version: 3.42 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BE468",
"vendor": "Schlage",
"versions": [
{
"status": "affected",
"version": "3.42"
}
]
},
{
"product": "500 series",
"vendor": "Silicon Labs",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"datePublic": "2021-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T23:06:13.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/142629"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
"ID": "CVE-2020-9059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BE468",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.42"
}
]
}
}
]
},
"vendor_name": "Schlage"
},
{
"product": {
"product_data": [
{
"product_name": "500 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Silicon Labs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/142629",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"name": "https://ieeexplore.ieee.org/document/9663293",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"name": "https://github.com/CNK2100/VFuzz-public",
"refsource": "MISC",
"url": "https://github.com/CNK2100/VFuzz-public"
},
{
"name": "https://doi.org/10.1109/ACCESS.2021.3138768",
"refsource": "MISC",
"url": "https://doi.org/10.1109/ACCESS.2021.3138768"
},
{
"name": "VU#142629",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/142629"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9059",
"datePublished": "2022-01-07T04:30:26.522Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:25:18.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}