Summary
Schneider Electric is aware of multiple vulnerabilities in EmberZNet disclosed by Silicon Labs. Many vendors, including Schneider Electric, use Silicon Labs’ Zigbee processors in their offers. The following products have denial-of-service vulnerabilities: Wiser iTRV, Wiser RTR, Wiser UFH, Wiser Heat Switch, Wiser Boiler Relay, cFMT (Exxact, Elko, Odace, Merten), Wiser Micromodule, Iconic Wiser Connected Smart Dimmer, Iconic Zigbee devices, Wiser Application Modules, Wiser Connected Pushbutton Switch/Dimmer/Shutter controller, Rotary Dimmer, Motion Sensor Dimmer/Switch, Smart socket outlets, and EV socket outlet. See the following table. Failure to apply the mitigations provided below may risk denial of service, which could result in products being unavailable.
The following versions of Schneider Electric Zigbee Products are affected:
- Wiser iTRV2 (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Wiser iTRV3 (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Wiser RTR2 (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Wiser UFH (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Wiser 16A Electrical Heat Switch (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Wiser Boiler Relay (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Exxact cFMT 16a (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Elko cFMT 16a (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Odace cFMT 2a (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Merten cFMT 16a (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Merten cFMT 2a (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Wiser Power Micromodule (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Wiser FIP Micromodule (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Iconic, Wiser Connected Smart Dimmer (CVE-2024-6350, CVE-2024-6351, CVE-2024-6352, CVE-2024-10106, CVE-2024-7322)
- Icon
[…]