CVE-2020-9057 - OpenCVE

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Silabs	200 Series Firmware 100 Series Firmware 300 Series Firmware
Linear	Wapirz-1 Wadwaz-1

Configuration 1 [-]

OR	cpe:2.3:o:linear:wadwaz-1:3.43:::::::*
	cpe:2.3:o:linear:wapirz-1:3.43:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:silabs:100_series_firmware::::::::
	cpe:2.3:o:silabs:200_series_firmware::::::::
	cpe:2.3:o:silabs:300_series_firmware::::::::

References

Link	Resource
https://doi.org/10.1109/ACCESS.2021.3138768	Broken Link
https://github.com/CNK2100/VFuzz-public	Third Party Advisory
https://ieeexplore.ieee.org/document/9663293	Broken Link
https://kb.cert.org/vuls/id/142629	Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/142629	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2021-12-27T00:00:00

Updated: 2022-01-07T23:06:20

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9057

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-10T14:10:16.150

Modified: 2022-01-18T17:10:27.780

Link: CVE-2020-9057

JSON object: View

Redhat Information

No data.

CWE

CWE-311

{"containers": {"cna": {"affected": [{"product": "WADWAZ-1", "vendor": "Linear", "versions": [{"status": "affected", "version": "3.43"}]}, {"product": "WAPIRZ-1", "vendor": "Linear", "versions": [{"status": "affected", "version": "3.43"}]}, {"product": "100 series", "vendor": "Silicon Labs", "versions": [{"status": "affected", "version": "all"}]}, {"product": "200 series", "vendor": "Silicon Labs", "versions": [{"status": "affected", "version": "all"}]}, {"product": "300 series", "vendor": "Silicon Labs", "versions": [{"status": "affected", "version": "all"}]}], "credits": [{"lang": "en", "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"}], "datePublic": "2021-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311 Missing Encryption of Sensitive Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-07T23:06:20", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://kb.cert.org/vuls/id/142629"}, {"tags": ["x_refsource_MISC"], "url": "https://ieeexplore.ieee.org/document/9663293"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/CNK2100/VFuzz-public"}, {"tags": ["x_refsource_MISC"], "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"name": "VU#142629", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/142629"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2021-12-27T05:00:00.000Z", "ID": "CVE-2020-9057", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WADWAZ-1", "version": {"version_data": [{"version_affected": "=", "version_value": "3.43"}]}}, {"product_name": "WAPIRZ-1", "version": {"version_data": [{"version_affected": "=", "version_value": "3.43"}]}}]}, "vendor_name": "Linear"}, {"product": {"product_data": [{"product_name": "100 series", "version": {"version_data": [{"version_affected": "=", "version_value": "all"}]}}, {"product_name": "200 series", "version": {"version_data": [{"version_affected": "=", "version_value": "all"}]}}, {"product_name": "300 series", "version": {"version_data": [{"version_affected": "=", "version_value": "all"}]}}]}, "vendor_name": "Silicon Labs"}]}}, "credit": [{"lang": "eng", "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-311 Missing Encryption of Sensitive Data"}]}]}, "references": {"reference_data": [{"name": "https://kb.cert.org/vuls/id/142629", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/142629"}, {"name": "https://ieeexplore.ieee.org/document/9663293", "refsource": "MISC", "url": "https://ieeexplore.ieee.org/document/9663293"}, {"name": "https://github.com/CNK2100/VFuzz-public", "refsource": "MISC", "url": "https://github.com/CNK2100/VFuzz-public"}, {"name": "https://doi.org/10.1109/ACCESS.2021.3138768", "refsource": "MISC", "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"name": "VU#142629", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/142629"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2020-9057", "datePublished": "2021-12-27T00:00:00", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2022-01-07T23:06:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linear:wadwaz-1:3.43:*:*:*:*:*:*:*", "matchCriteriaId": "29A637D2-2EEB-46FA-925E-230467C662FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linear:wapirz-1:3.43:*:*:*:*:*:*:*", "matchCriteriaId": "62E39D10-8B14-4377-A7A6-CE75DFC6B349", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silabs:100_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD65067D-33BE-47A3-8586-9B7165D44120", "vulnerable": true}, {"criteria": "cpe:2.3:o:silabs:200_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E0D4883-9F5A-447F-85ED-E47D0C5A4940", "vulnerable": true}, {"criteria": "cpe:2.3:o:silabs:300_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "357345BC-2448-46B7-8DED-13B291708DF0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable."}, {"lang": "es", "value": "Los dispositivos Z-Wave basados en los conjuntos de chips de las series 100, 200 y 300 de Silicon Labs no admiten cifrado, permitiendo a un atacante dentro del alcance de la radio tomar el control o causar una denegaci\u00f3n de servicio en un dispositivo vulnerable. Un atacante tambi\u00e9n puede capturar y reproducir el tr\u00e1fico Z-Wave. Las actualizaciones de firmware no pueden abordar directamente esta vulnerabilidad, ya que es un problema con la especificaci\u00f3n Z-Wave para estos conjuntos de chips heredados. Una forma de protegerse contra esta vulnerabilidad es usar los conjuntos de chips de las series 500 o 700 que soportan el cifrado de Seguridad 2 (S2). Como ejemplos, el Linear WADWAZ-1 versi\u00f3n 3.43 y WAPIRZ-1 versi\u00f3n 3.43 (con chipsets de la serie 300) son vulnerables"}], "id": "CVE-2020-9057", "lastModified": "2022-01-18T17:10:27.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-10T14:10:16.150", "references": [{"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://github.com/CNK2100/VFuzz-public"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://ieeexplore.ieee.org/document/9663293"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/142629"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/142629"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-311"}], "source": "cret@cert.org", "type": "Secondary"}]}