CVE-2023-5310
MEDIUM
5,7
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Description
AI Translation Available
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0008
Percentile
0,2th
Updated
EPSS Score Trend (Last 90 Days)
248
Uncaught Exception
DraftCommon Consequences
Security Scopes Affected:
Availability
Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart
Read Application Data
Applicable Platforms
Languages:
C#, C++, Java
Application
Z-Wave Software Development Kit by Silabs
Version Range Affected
To
7.20.2.0
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:silabs:z-wave_software_development_kit:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/SiliconLabs/gecko_sdk/releases
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/…
https://github.com/SiliconLabs/gecko_sdk/releases
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/…