Malformed Device Reset Locally Command Can Trick Controller into Thinking End Device Left Network
CVE-2023-6533

6.5MEDIUM

Key Information:

Vendor: Silabs.com
Status: Pc Controller
Vendor: CVE Published:; 21 February 2024

Summary

Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.

Affected Version(s)

PC Controller 0 <= 5.54.0

References

https://community.silabs.com/068Vm000001HdNm

vendor-advisorypermissions-required

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 21, 2024
Vulnerability Reserved
Dec 5, 2023