ID

VAR-201812-1036


CVE

CVE-2018-19983


TITLE

Sigma Design Z-Wave S0 and S2 Vulnerability related to input validation on devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-014362

DESCRIPTION

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided "Nonce Get (0x98 0x81)" frames. The reason for dividing the "Nonce Get" frame is that, in security version S0, when a node receives a "Nonce Get" frame, the node produces a random new nonce and sends it to the Src node of the received "Nonce Get" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. At this time, when "Nonce Get" is received again, the node discards the previous nonce value and generates a random nonce again. Therefore, because the frame is encrypted with the previous nonce value, the received normal frame cannot be decrypted. are power management devices. A local attacker could exploit this vulnerability to prevent the device from decrypting received normal frames.

Trust: 1.8

sources: NVD: CVE-2018-19983 // JVNDB: JVNDB-2018-014362 // VULHUB: VHN-130697 // VULMON: CVE-2018-19983

AFFECTED PRODUCTS

vendor: silabs, model: z-wave s2, scope: eq, version: -

Trust: 1.0

vendor: silabs, model: z-wave s0, scope: eq, version: -

Trust: 1.0

vendor: silicon, model: z-wave s0, scope: -, version: -

Trust: 0.8

vendor: silicon, model: z-wave s2, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-014362 // NVD: CVE-2018-19983

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19983
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-19983
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-337
value: MEDIUM

Trust: 0.6

VULHUB: VHN-130697
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-19983
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-19983
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-130697
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19983
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-130697 // VULMON: CVE-2018-19983 // JVNDB: JVNDB-2018-014362 // CNNVD: CNNVD-201812-337 // NVD: CVE-2018-19983

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-130697 // JVNDB: JVNDB-2018-014362 // NVD: CVE-2018-19983

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201812-337

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-337

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014362

PATCH

title: Z-Wave Software, url: https://www.silabs.com/products/development-tools/software/z-wave

Trust: 0.8

sources: JVNDB: JVNDB-2018-014362

EXTERNAL IDS

db: NVD, id: CVE-2018-19983

Trust: 2.6

db: JVNDB, id: JVNDB-2018-014362

Trust: 0.8

db: CNNVD, id: CNNVD-201812-337

Trust: 0.7

db: VULHUB, id: VHN-130697

Trust: 0.1

db: VULMON, id: CVE-2018-19983

Trust: 0.1

sources: VULHUB: VHN-130697 // VULMON: CVE-2018-19983 // JVNDB: JVNDB-2018-014362 // CNNVD: CNNVD-201812-337 // NVD: CVE-2018-19983

REFERENCES

url:https://github.com/min1233/cve/blob/master/2

Trust: 2.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19983

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-19983

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/330.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-130697 // VULMON: CVE-2018-19983 // JVNDB: JVNDB-2018-014362 // CNNVD: CNNVD-201812-337 // NVD: CVE-2018-19983

SOURCES

db: VULHUB, id: VHN-130697
db: VULMON, id: CVE-2018-19983
db: JVNDB, id: JVNDB-2018-014362
db: CNNVD, id: CNNVD-201812-337
db: NVD, id: CVE-2018-19983

LAST UPDATE DATE

2024-11-23T21:37:53.964000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-130697, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2018-19983, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-014362, date: 2019-03-19T00:00:00
db: CNNVD, id: CNNVD-201812-337, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-19983, date: 2024-11-21T03:58:56.373

SOURCES RELEASE DATE

db: VULHUB, id: VHN-130697, date: 2018-12-09T00:00:00
db: VULMON, id: CVE-2018-19983, date: 2018-12-09T00:00:00
db: JVNDB, id: JVNDB-2018-014362, date: 2019-03-19T00:00:00
db: CNNVD, id: CNNVD-201812-337, date: 2018-12-10T00:00:00
db: NVD, id: CVE-2018-19983, date: 2018-12-09T19:29:00.530