CVE-2023-6533

EPSS 0.04%
Published 21.02.2024 20:15:46
Last modified 12.02.2025 16:57:31
Source product-security@silabs.com
Teams watchlist Login
Open Login

Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Silabs ≫ Z-wave Pc-based Controller Version <= 5.54

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.11

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
product-security@silabs.com	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

CWE-419 Unprotected Primary Channel

The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.

https://community.silabs.com/068Vm000001HdNm

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-6533

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6533

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6533

EUVD