Description
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.
CVSS Metrics
- Vector
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Attack Vector
- adjacent network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- none
- Availability
- high
- Weaknesses
- CWE-248CWE-419NVD-CWE-noinfo
Metadata
- Primary Vendor
- SILABS
- Published
- 2/21/2024
- Last Modified
- 2/12/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
silabs : z-wave_pc-based_controller
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.