CVE-2013-20003 - OpenCVE

Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Silabs	Zm5101 Zm5202 Firmware Zgm230sb27hgn Firmware Zgm230sb27hgn Zgm2305a27hgn Firmware Zgm130s037hgn Firmware Zgm2305a27hgn Zm5202 Zm5101 Firmware Zgm130s037hgn

Configuration 1 [-]

AND

cpe:2.3:o:silabs:zgm130s037hgn_firmware:s2:*:*:*:*:*:*:*

cpe:2.3:h:silabs:zgm130s037hgn:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:silabs:zm5202_firmware:s2:*:*:*:*:*:*:*

cpe:2.3:h:silabs:zm5202:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:silabs:zm5101_firmware:s2:*:*:*:*:*:*:*

cpe:2.3:h:silabs:zm5101:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:silabs:zgm2305a27hgn_firmware:s2:*:*:*:*:*:*:*

cpe:2.3:h:silabs:zgm2305a27hgn:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:silabs:zgm230sb27hgn_firmware:s2:*:*:*:*:*:*:*

cpe:2.3:h:silabs:zgm230sb27hgn:-:*:*:*:*:*:*:*

References

Link	Resource
https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security/	Third Party Advisory
https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf	Technical Description Third Party Advisory
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2013-08-01T00:00:00

Updated: 2022-02-04T22:33:05

Reserved: 2022-01-26T00:00:00

Link: CVE-2013-20003

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-04T23:15:09.627

Modified: 2022-02-09T15:41:04.353

Link: CVE-2013-20003

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Z-Wave", "vendor": "Silicon Labs", "versions": [{"status": "affected", "version": "S0"}]}, {"product": "Z-Wave", "vendor": "Sierra Designs", "versions": [{"lessThan": "S0", "status": "affected", "version": "S0", "versionType": "custom"}]}], "datePublic": "2013-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-04T22:33:05", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/"}, {"tags": ["x_refsource_MISC"], "url": "https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2013-08-01T17:15:00.000Z", "ID": "CVE-2013-20003", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Z-Wave", "version": {"version_data": [{"version_affected": "=", "version_name": "S0", "version_value": "S0"}]}}]}, "vendor_name": "Silicon Labs"}, {"product": {"product_data": [{"product_name": "Z-Wave", "version": {"version_data": [{"version_affected": "<", "version_name": "S0", "version_value": "S0"}]}}]}, "vendor_name": "Sierra Designs"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"}]}]}, "references": {"reference_data": [{"name": "https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf", "refsource": "MISC", "url": "https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf"}, {"name": "https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/", "refsource": "MISC", "url": "https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/"}, {"name": "https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security/", "refsource": "MISC", "url": "https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security/"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2013-20003", "datePublished": "2013-08-01T00:00:00", "dateReserved": "2022-01-26T00:00:00", "dateUpdated": "2022-02-04T22:33:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silabs:zgm130s037hgn_firmware:s2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE411D1-DEAB-4251-A7A4-B55492D53AC2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:silabs:zgm130s037hgn:-:*:*:*:*:*:*:*", "matchCriteriaId": "57708CEA-8CF3-4FAF-A7D4-8572EE7A7E53", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silabs:zm5202_firmware:s2:*:*:*:*:*:*:*", "matchCriteriaId": "B0F01E96-49C5-4FB6-A549-5B25F04B26DB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:silabs:zm5202:-:*:*:*:*:*:*:*", "matchCriteriaId": "64DAB9DC-A25C-4C7B-8A98-D6AAD3DF46CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silabs:zm5101_firmware:s2:*:*:*:*:*:*:*", "matchCriteriaId": "D529D8C9-6882-4631-AE7A-E7EE52CA4E73", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:silabs:zm5101:-:*:*:*:*:*:*:*", "matchCriteriaId": "36D7DA65-1F1E-4C1C-A9EB-16F615E5C34A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silabs:zgm2305a27hgn_firmware:s2:*:*:*:*:*:*:*", "matchCriteriaId": "8AC94143-DE93-4179-B4E3-9B684E28A6F0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:silabs:zgm2305a27hgn:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A86A154-AD74-4EFB-B94A-15C619683EB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silabs:zgm230sb27hgn_firmware:s2:*:*:*:*:*:*:*", "matchCriteriaId": "AE07BCD8-452E-43B4-BC8B-30797A3CF830", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:silabs:zgm230sb27hgn:-:*:*:*:*:*:*:*", "matchCriteriaId": "5794CE0B-4A2F-439F-A6DF-42A710E35D89", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic."}, {"lang": "es", "value": "Los dispositivos Z-Wave de Sierra Designs (alrededor de 2013) y Silicon Labs (que usan seguridad S0) pueden usar una clave de red conocida y compartida de todos los ceros, lo que permite a un atacante dentro del rango de radio falsificar el tr\u00e1fico Z-Wave"}], "id": "CVE-2013-20003", "lastModified": "2022-02-09T15:41:04.353", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-04T23:15:09.627", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security/"}, {"source": "cret@cert.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf"}, {"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-338"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "cret@cert.org", "type": "Secondary"}]}