CVE-2023-6640 - Vulnerability Details - OpenCVE

Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Silabs	Z-wave Pc-based Controller

Configuration 1 [-]

cpe:2.3:a:silabs:z-wave_pc-based_controller:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.silabs.com/068Vm000001HdNm

History

Wed, 12 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Silabs Silabs z-wave Pc-based Controller
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:silabs:z-wave_pc-based_controller::::::::
Vendors & Products		Silabs Silabs z-wave Pc-based Controller

Fri, 27 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-754
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Sep 2024 16:00:00 +0000

Type	Values Removed	Values Added
Description	Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.	Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.
Title	Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability	Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability
Weaknesses		CWE-248

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2024-02-21T19:56:50.808Z

Updated: 2024-09-27T15:55:02.841Z

Reserved: 2023-12-08T20:21:25.231Z

Link: CVE-2023-6640

Vulnrichment

Updated: 2024-08-02T08:35:14.885Z

NVD

Status : Analyzed

Published: 2024-02-21T20:15:46.497

Modified: 2025-02-12T16:52:28.897

Link: CVE-2023-6640

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6640", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2023-12-08T20:21:25.231Z", "datePublished": "2024-02-21T19:56:50.808Z", "dateUpdated": "2024-09-27T15:55:02.841Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "PC Controller", "product": "PC Controller", "repo": "https://github.com/SiliconLabs/gecko_sdk/releases", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "5.54.0", "status": "affected", "version": "0", "versionType": "LessThan"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. "}], "value": "Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier."}], "impacts": [{"capecId": "CAPEC-595", "descriptions": [{"lang": "en", "value": "CAPEC-595 Connection Reset"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248 Uncaught Exception", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-27T15:55:02.841Z"}, "references": [{"tags": ["vendor-advisory", "permissions-required"], "url": "https://community.silabs.com/068Vm000001HdNm"}], "source": {"discovery": "UNKNOWN"}, "title": "Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6640", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-15T20:30:46.012849Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:17:13.416Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.885Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "permissions-required", "x_transferred"], "url": "https://community.silabs.com/068Vm000001HdNm"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.silabs.com/068Vm000001HdNm", "tags": ["vendor-advisory", "permissions-required", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.885Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6640", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-15T20:30:46.012849Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:18.060Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-595", "descriptions": [{"lang": "en", "value": "CAPEC-595 Connection Reset"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/SiliconLabs/gecko_sdk/releases", "vendor": "silabs.com", "product": "PC Controller", "versions": [{"status": "affected", "version": "0", "versionType": "LessThan", "lessThanOrEqual": "5.54.0"}], "packageName": "PC Controller", "defaultStatus": "unaffected"}], "references": [{"url": "https://community.silabs.com/068Vm000001HdNm", "tags": ["vendor-advisory", "permissions-required"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.", "supportingMedia": [{"type": "text/html", "value": "Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248 Uncaught Exception"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-27T15:55:02.841Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6640", "state": "PUBLISHED", "dateUpdated": "2024-09-27T15:55:02.841Z", "dateReserved": "2023-12-08T20:21:25.231Z", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "datePublished": "2024-02-21T19:56:50.808Z", "assignerShortName": "Silabs"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:z-wave_pc-based_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ACB7BA3-6720-44E9-A822-F4673C4B81A9", "versionEndIncluding": "5.54", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier."}, {"lang": "es", "value": "Se pueden enviar paquetes S2 Nonce Get Command Class con formato incorrecto para bloquear el PC Controller v5.54.0 y versiones anteriores."}], "id": "CVE-2023-6640", "lastModified": "2025-02-12T16:52:28.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "product-security@silabs.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-21T20:15:46.497", "references": [{"source": "product-security@silabs.com", "tags": ["Permissions Required"], "url": "https://community.silabs.com/068Vm000001HdNm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://community.silabs.com/068Vm000001HdNm"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "product-security@silabs.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}