CVE-2020-9059 - OpenCVE

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Silabs	500 Series Firmware
Schlage	Be468

Configuration 1 [-]

cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*

References

Link	Resource
https://doi.org/10.1109/ACCESS.2021.3138768	Broken Link
https://github.com/CNK2100/VFuzz-public	Third Party Advisory
https://ieeexplore.ieee.org/document/9663293	Broken Link
https://kb.cert.org/vuls/id/142629	Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/142629	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2021-12-27T00:00:00

Updated: 2022-01-07T23:06:13

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9059

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-10T14:10:16.303

Modified: 2022-09-20T17:16:54.653

Link: CVE-2020-9059

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "BE468", "vendor": "Schlage", "versions": [{"status": "affected", "version": "3.42"}]}, {"product": "500 series", "vendor": "Silicon Labs", "versions": [{"status": "affected", "version": "all"}]}], "credits": [{"lang": "en", "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"}], "datePublic": "2021-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-07T23:06:13", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://kb.cert.org/vuls/id/142629"}, {"tags": ["x_refsource_MISC"], "url": "https://ieeexplore.ieee.org/document/9663293"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/CNK2100/VFuzz-public"}, {"tags": ["x_refsource_MISC"], "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"name": "VU#142629", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/142629"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2021-12-27T05:00:00.000Z", "ID": "CVE-2020-9059", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BE468", "version": {"version_data": [{"version_affected": "=", "version_value": "3.42"}]}}]}, "vendor_name": "Schlage"}, {"product": {"product_data": [{"product_name": "500 series", "version": {"version_data": [{"version_affected": "=", "version_value": "all"}]}}]}, "vendor_name": "Silicon Labs"}]}}, "credit": [{"lang": "eng", "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://kb.cert.org/vuls/id/142629", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/142629"}, {"name": "https://ieeexplore.ieee.org/document/9663293", "refsource": "MISC", "url": "https://ieeexplore.ieee.org/document/9663293"}, {"name": "https://github.com/CNK2100/VFuzz-public", "refsource": "MISC", "url": "https://github.com/CNK2100/VFuzz-public"}, {"name": "https://doi.org/10.1109/ACCESS.2021.3138768", "refsource": "MISC", "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"name": "VU#142629", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/142629"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2020-9059", "datePublished": "2021-12-27T00:00:00", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2022-01-07T23:06:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "92760285-A1DD-4569-AD71-834BBF2D9E64", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*", "matchCriteriaId": "D07734B8-CA19-4F62-A0AF-1DB87FCBA667", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."}, {"lang": "es", "value": "Los dispositivos Z-Wave basados en los conjuntos de chips de la serie 500 de Silicon Labs que usan la autenticaci\u00f3n S0 son susceptibles a un consumo de recursos no controlados, conllevando a un agotamiento de la bater\u00eda. Como ejemplo, la cerradura de puerta Schlage BE468 versi\u00f3n 3.42 es vulnerable y falla al abrirse con un nivel bajo de bater\u00eda"}], "id": "CVE-2020-9059", "lastModified": "2022-09-20T17:16:54.653", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-10T14:10:16.303", "references": [{"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://github.com/CNK2100/VFuzz-public"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://ieeexplore.ieee.org/document/9663293"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/142629"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/142629"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "cret@cert.org", "type": "Secondary"}]}