CVE-2018-19983

Name of the Vulnerable Software and Affected Versions Sigma Design Z-Wave S0 through S2 devices

Description An issue was discovered in Sigma Design Z-Wave devices, where an attacker can conduct a Denial of Service (DoS) attack against the Z-Wave S0 Security version product. The attack involves continuously sending divided "Nonce Get (0x98 0x81)" frames, causing the node to generate a new random nonce and transition to wait mode. When another "Nonce Get" frame is received, the previous nonce value is discarded, and a new one is generated, resulting in the inability to decrypt received normal frames.

Recommendations For Sigma Design Z-Wave S0 through S2 devices, consider implementing a mechanism to limit the frequency of "Nonce Get" frames to prevent the DoS attack. As a temporary workaround, restrict the use of the "Nonce Get" frame until a patch is available.