Jimin Kang

Name of the Vulnerable Software and Affected Versions: Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1 Description: The issue concerns insecure permissions in the software, allowing attackers to create a fake node by supplying crafted packets. Recommendations: For Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1, consider restricting access to the node creation functionality until a patch is available. As a temporary workaround, avoid using the software to create new nodes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1 Description: The issue is related to insecure permissions in the Silicon Labs (SiLabs) Z-Wave Series 700 and 800, which allows attackers to cause a Denial of Service (DoS) by repeatedly sending crafted packets to the controller. Recommendations: For version 7.21.1, consider restricting access to the controller to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable functionality that allows crafted packets to be sent to the controller.

Name of the Vulnerable Software and Affected Versions: Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1 Description: The issue is related to insecure permissions in the affected software, allowing attackers to disrupt communications between the controller and the device by repeatedly sending crafted packets to the controller. Recommendations: For Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1, consider restricting access to the controller to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1 Description: The issue is related to insecure permissions in the Silicon Labs Z-Wave Series 700 and 800, which allow attackers to modify the `wakeup interval` of end devices in the controller's memory. This modification disrupts the device's communications with the controller. Recommendations: For version 7.21.1, consider restricting access to the controller's memory to prevent unauthorized changes to the `wakeup interval` until a fix is available. As a temporary workaround, review and secure the permissions settings to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1 Description: Insecure permissions in the software allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS). Recommendations: For Silicon Labs (SiLabs) Z-Wave Series 700 and 800 version 7.21.1, consider updating to a newer version that addresses the insecure permissions issue, as no specific fix is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Silicon Labs Z-Wave Series 500 version 6.84.0 Description: An issue in Silicon Labs Z-Wave Series 500 allows attackers to execute arbitrary code. Recommendations: For version 6.84.0, update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Silicon Labs Z-Wave Series 500 version 6.84.0 Description: The issue is related to insecure permissions in the software. Recommendations: For version 6.84.0, consider updating the permissions configuration to a more secure setup, however, at the moment, there is no information about a newer version that contains a fix for this issue.