CVE-2022-39064 - OpenCVE

Vendors	Products
Ikea	Tradfri Led1732g11 Tradfri Led1732g11 Firmware

Link	Providers
https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39064", "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b", "assignerShortName": "SNPS", "dateUpdated": "2024-08-03T11:10:32.467Z", "dateReserved": "2022-08-31T00:00:00", "datePublished": "2022-10-14T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b", "shortName": "SNPS", "dateUpdated": "2022-10-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TR\u00c5DFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TR\u00c5DFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}], "affected": [{"vendor": "Ikea", "product": "TR\u00c5DFRI smart lighting system", "versions": [{"version": "< 2.0.029 >", "status": "affected"}]}], "references": [{"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-241: Improper Handling of Unexpected Data Type", "cweId": "CWE-241"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:10:32.467Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ikea:tradfri_led1732g11:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A875365-811A-41E2-8A25-63BF0E4A31B2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ikea:tradfri_led1732g11_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE26E91E-D3AB-471A-B3BB-0EB928F75B1F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TR\u00c5DFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TR\u00c5DFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}, {"lang": "es", "value": "Un atacante enviando una sola trama malformada IEEE 802.15.4 (Zigbee) hace que la bombilla TR\u00c5DFRI parpadee, y si reproduce (es decir, reenv\u00eda) la misma trama varias veces, la bombilla lleva a cabo un reinicio de f\u00e1brica. Esto causa que la bombilla pierda la informaci\u00f3n de configuraci\u00f3n de la red Zigbee y el nivel de luminosidad actual. Despu\u00e9s de este ataque, todas las luces son encendidas con el brillo m\u00e1ximo, y un usuario no puede controlar las bombillas ni con la app IKEA Home Smart ni con el mando a distancia TR\u00c5DFRI. La trama Zigbee malformada es un mensaje de difusi\u00f3n no autenticado, lo que significa que todos los dispositivos vulnerables dentro del rango de radio est\u00e1n afectados. CVSS 3.1, Puntuaci\u00f3n Base 7.1, Vector: CVSS: 3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}], "id": "CVE-2022-39064", "lastModified": "2022-10-18T20:15:06.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-14T16:15:18.417", "references": [{"source": "disclosure@synopsys.com", "tags": ["Third Party Advisory"], "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/"}], "sourceIdentifier": "disclosure@synopsys.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-241"}], "source": "disclosure@synopsys.com", "type": "Secondary"}]}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object