Malformed Device Reset Locally Command Can Trick Controller into Thinking End Device Left Network
CVE-2023-6533

6.5MEDIUM

Key Information:

Vendor: Silabs.com
Status: Pc Controller
Vendor: CVE Published:; 21 February 2024

What is CVE-2023-6533?

Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.

Affected Version(s)

PC Controller 0 <= 5.54.0

References

https://community.silabs.com/068Vm000001HdNm

vendor-advisorypermissions-required

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2024
Vulnerability Reserved
Dec 5, 2023

Silabs.com

What is CVE-2023-6533?

Affected Version(s)

References

CVSS V3.1

Timeline