Vulnerability Details : CVE-2023-6533
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.
Products affected by CVE-2023-6533
- cpe:2.3:a:silabs:z-wave_pc-based_controller:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6533
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6533
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST | 2025-02-12 |
|
6.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
Silicon Labs | 2024-02-21 |
CWE ids for CVE-2023-6533
-
An exception is thrown from a function, but it is not caught.Assigned by: product-security@silabs.com (Secondary)
-
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.Assigned by: product-security@silabs.com (Secondary)
-
The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.Assigned by: product-security@silabs.com (Secondary)
-
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.Assigned by: product-security@silabs.com (Secondary)
References for CVE-2023-6533
-
https://community.silabs.com/068Vm000001HdNm
Silicon Labs LoginPermissions Required
Jump to