PT-2022-9072 · Silicon+1 · Silicon Labs 500 Series+1
Carlos Kayembe Nkuba +3 · Published 2022-01-07 · Updated 2022-09-20 · CVE-2020-9059
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Z-Wave devices based on Silicon Labs 500 series chipsets
Schlage BE468 version 3.42
Description
The issue affects Z-Wave devices that use S0 authentication, leading to uncontrolled resource consumption and resulting in battery exhaustion. For example, the Schlage BE468 door lock is vulnerable and fails open when the battery level is low.
Recommendations
For Schlage BE468 version 3.42, consider replacing the batteries more frequently to minimize the risk of the lock failing open due to low battery level.
For Z-Wave devices based on Silicon Labs 500 series chipsets, restrict the use of S0 authentication until a patch or fix is available to prevent uncontrolled resource consumption.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Resource Exhaustion
Allocation of Resources Without Limits
Affected Products
Schlage BE468
Silicon Labs 500 Series