CVE-2024-22472 (GCVE-0-2024-22472)
Vulnerability from cvelistv5
Published
2024-05-07 05:17
Modified
2024-08-01 22:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution
This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2
running on Silicon Labs 500 series Z-wave devices.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Silicon Labs | Z-Wave SDK |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:silabs:z-wave_software_development_kit:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z-wave_software_development_kit",
"vendor": "silabs",
"versions": [
{
"lessThan": "6.85.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:45:43.968246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:56.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:09.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000004rZwm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Z-Wave SDK",
"500 Series Z-Wave Devices"
],
"platforms": [
"ARM"
],
"product": "Z-Wave SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "Silicon Labs",
"versions": [
{
"lessThan": "6.85.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution\u003c/p\u003e\u003cp\u003eThis issue affects all versions of Silicon Labs\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e500 Series SDK prior to v6.85.2\u003c/span\u003e\n\nrunning on Silicon Labs 500 series Z-wave devices.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nA buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution\n\nThis issue affects all versions of Silicon Labs\u00a0500 Series SDK prior to v6.85.2\n\nrunning on Silicon Labs 500 series Z-wave devices.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
},
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T05:17:26.626Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://community.silabs.com/068Vm000004rZwm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-22472",
"datePublished": "2024-05-07T05:17:26.626Z",
"dateReserved": "2024-01-10T19:20:24.393Z",
"dateUpdated": "2024-08-01T22:51:09.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://community.silabs.com/068Vm000004rZwm\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:51:09.827Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22472\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-08T15:45:43.968246Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:silabs:z-wave_software_development_kit:-:*:*:*:*:*:*:*\"], \"vendor\": \"silabs\", \"product\": \"z-wave_software_development_kit\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.85.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-08T15:45:17.499Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-100\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-100 Overflow Buffers\"}]}, {\"capecId\": \"CAPEC-253\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-253 Remote Code Inclusion\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/SiliconLabs/gecko_sdk/releases\", \"vendor\": \"Silicon Labs\", \"modules\": [\"Z-Wave SDK\", \"500 Series Z-Wave Devices\"], \"product\": \"Z-Wave SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.85.2\", \"versionType\": \"semver\"}], \"platforms\": [\"ARM\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://community.silabs.com/068Vm000004rZwm\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nA buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution\\n\\nThis issue affects all versions of Silicon Labs\\u00a0500 Series SDK prior to v6.85.2\\n\\nrunning on Silicon Labs 500 series Z-wave devices.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003eA buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution\u003c/p\u003e\u003cp\u003eThis issue affects all versions of Silicon Labs\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e500 Series SDK prior to v6.85.2\u003c/span\u003e\\n\\nrunning on Silicon Labs 500 series Z-wave devices.\u003c/p\u003e\\n\\n\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"030b2754-1501-44a4-bef8-48be86a33bf4\", \"shortName\": \"Silabs\", \"dateUpdated\": \"2024-05-07T05:17:26.626Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-22472\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T22:51:09.827Z\", \"dateReserved\": \"2024-01-10T19:20:24.393Z\", \"assignerOrgId\": \"030b2754-1501-44a4-bef8-48be86a33bf4\", \"datePublished\": \"2024-05-07T05:17:26.626Z\", \"assignerShortName\": \"Silabs\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…