Heejo Lee

Name of the Vulnerable Software and Affected Versions: Silicon Labs Z-Wave Series 500 version 6.84.0 Description: The issue is related to insecure permissions in the software. Recommendations: For version 6.84.0, consider updating the permissions configuration to a more secure setup, however, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1 Description: The issue concerns insecure permissions in the software, allowing attackers to create a fake node by supplying crafted packets. Recommendations: For Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1, consider restricting access to the node creation functionality until a patch is available. As a temporary workaround, avoid using the software to create new nodes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1 Description: The issue is related to insecure permissions in the Silicon Labs (SiLabs) Z-Wave Series 700 and 800, which allows attackers to cause a Denial of Service (DoS) by repeatedly sending crafted packets to the controller. Recommendations: For version 7.21.1, consider restricting access to the controller to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable functionality that allows crafted packets to be sent to the controller.

Name of the Vulnerable Software and Affected Versions: Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1 Description: The issue is related to insecure permissions in the affected software, allowing attackers to disrupt communications between the controller and the device by repeatedly sending crafted packets to the controller. Recommendations: For Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1, consider restricting access to the controller to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1 Description: The issue is related to insecure permissions in the Silicon Labs Z-Wave Series 700 and 800, which allow attackers to modify the `wakeup interval` of end devices in the controller's memory. This modification disrupts the device's communications with the controller. Recommendations: For version 7.21.1, consider restricting access to the controller's memory to prevent unauthorized changes to the `wakeup interval` until a fix is available. As a temporary workaround, review and secure the permissions settings to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1 Description: Insecure permissions in the software allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS). Recommendations: For Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1, consider updating to a newer version that addresses the insecure permissions issue, as no specific fix is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Silicon Labs Z-Wave Series 500 version 6.84.0 Description: An issue in Silicon Labs Z-Wave Series 500 allows attackers to execute arbitrary code. Recommendations: For version 6.84.0, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Z-Wave devices based on Silicon Labs 700 series chipsets (affected versions not specified) **Description** The issue affects Z-Wave devices that use S2 authentication and are based on Silicon Labs 700 series chipsets. These devices do not properly authenticate or encrypt FIND NODE IN RANGE frames. As a result, a remote, unauthenticated attacker can inject a FIND NODE IN RANGE frame with an invalid random payload. This action can deny service by blocking the processing of upcoming events. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets Linear WADWAZ-1 version 3.43 Linear WAPIRZ-1 version 3.43 **Description** The issue affects Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets, which do not support encryption. This allows an attacker within radio range to take control of or cause a denial of service to a vulnerable device. The attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this issue as it is a problem with the Z-Wave specification for these legacy chipsets. **Recommendations** For Linear WADWAZ-1 version 3.43, consider replacing the device with one that uses 500 or 700 series chipsets that support Security 2 (S2) encryption. For Linear WAPIRZ-1 version 3.43, consider replacing the device with one that uses 500 or 700 series chipsets that support Security 2 (S2) encryption. For Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets, consider upgrading to devices that use 500 or 700 series chipsets that support Security 2 (S2) encryption.

**Name of the Vulnerable Software and Affected Versions** Z-Wave devices based on Silicon Labs 500 series chipsets versions (affected versions not specified) Linear LB60Z-1 version 3.5 Dome DM501 version 4.26 Jasco ZW4201 version 4.05 **Description** The issue concerns Z-Wave devices that do not implement encryption or replay protection, specifically those based on Silicon Labs 500 series chipsets using CRC-16 encapsulation. **Recommendations** For Linear LB60Z-1 version 3.5, consider implementing additional security measures to protect against replay attacks. For Dome DM501 version 4.26, restrict access to sensitive functions until encryption can be implemented. For Jasco ZW4201 version 4.05, avoid using the device for sensitive applications until replay protection is added. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Z-Wave devices based on Silicon Labs 500 series chipsets Schlage BE468 version 3.42 **Description** The issue affects Z-Wave devices that use S0 authentication, leading to uncontrolled resource consumption and resulting in battery exhaustion. For example, the Schlage BE468 door lock is vulnerable and fails open when the battery level is low. **Recommendations** For Schlage BE468 version 3.42, consider replacing the batteries more frequently to minimize the risk of the lock failing open due to low battery level. For Z-Wave devices based on Silicon Labs 500 series chipsets, restrict the use of S0 authentication until a patch or fix is available to prevent uncontrolled resource consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZooZ ZST10 version 6.04 ZooZ ZEN20 version 5.03 ZooZ ZEN25 version 5.03 Aeon Labs ZW090-A version 3.95 Fibaro FGWPB-111 version 4.3 **Description** Z-Wave devices based on Silicon Labs 500 series chipsets using S2 are susceptible to denial of service and resource exhaustion via malformed `SECURITY NONCE GET`, `SECURITY NONCE GET 2`, `NO OPERATION`, or `NIF REQUEST` messages. **Recommendations** For ZooZ ZST10 version 6.04, consider disabling the `SECURITY NONCE GET` and `SECURITY NONCE GET 2` functions until a patch is available. For ZooZ ZEN20 version 5.03, restrict access to the `NO OPERATION` message to minimize the risk of exploitation. For ZooZ ZEN25 version 5.03, avoid using the `NIF REQUEST` message in the affected API endpoint until the issue is resolved. For Aeon Labs ZW090-A version 3.95, restrict access to the vulnerable module to minimize the risk of exploitation. For Fibaro FGWPB-111 version 4.3, consider disabling the vulnerable function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Z-Wave devices using Silicon Labs 500 and 700 series chipsets versions (affected versions not specified) SiLabs UZB-7 version 7.00 ZooZ ZST10 version 6.04 Aeon Labs ZW090-A version 3.95 Samsung STH-ETH-200 version 6.04 **Description** The issue affects Z-Wave devices using Silicon Labs 500 and 700 series chipsets, making them susceptible to denial of service via malformed routing messages. **Recommendations** For SiLabs UZB-7 version 7.00, consider disabling the routing message handling functionality until a patch is available. For ZooZ ZST10 version 6.04, restrict access to the device to minimize the risk of exploitation. For Aeon Labs ZW090-A version 3.95, avoid processing malformed routing messages until the issue is resolved. For Samsung STH-ETH-200 version 6.04, limit the device's exposure to potentially malicious routing messages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.