Description
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.
Published: 2026-06-25
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can trigger an internal assert that aborts the process. The primary impact is denial of service: the affected device or process terminates, disrupting network operations. The weakness is classified as CWE-617 (Reachable Assertion), meaning malformed input is handled improperly and can reach an assertion that fails.

Affected Systems

Silicon Labs EmberZNet firmware versions 9.0.2 and earlier are affected. The vulnerability applies only to devices that support the Color Control cluster and have already joined the network; devices that do not support this cluster are not impacted.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to send crafted Color Control messages from a device that has already joined the network, which matches the network attack vector (AV:N) and low required privileges (PR:L) in the CVSS vector. Because the attacker must be authenticated to the network, the risk is moderate but significant for devices that rely on the Color Control cluster.

Generated by OpenCVE AI on June 25, 2026 at 15:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an EmberZNet firmware update from Silicon Labs that addresses the malformed Color Control message handling once one is released.
  • Until an update is available, consider disabling the Color Control cluster on devices that do not require it, or restricting the cluster to trusted devices only through network policy.
  • Monitor system logs for abnormal process terminations or assertion failures that may indicate exploitation attempts.


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 14:00:00 +0000

Type | Values Removed | Values Added
Description | | In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.
Title | | Color Control color-temperature assertion abort in EmberZNet v9.0.2
Weaknesses | | CWE-617
References | |
Metrics | | cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-06-25T14:07:18.118Z

Reserved: 2026-05-18T20:02:03.669Z

Link: CVE-2026-47146

Vulnrichment

Updated: 2026-06-25T14:07:14.858Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T15:30:16Z

Weaknesses