Description
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted.
Published: 2026-06-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Malformed IAS Zone enrollment messages can trigger an out‑of‑bounds write to the state table in EmberZNet v9.0.2 and earlier, causing the process to terminate. The vulnerability is a classic buffer overwrite (CWE‑787) that can be exploited remotely by any device that has already joined the network and supports the IAS Zone cluster.

Affected Systems

Silicon Labs EmberZNet firmware versions 9.0.2 and earlier are affected. The flaw only applies to devices that support the IAS Zone cluster; devices lacking this capability are not impacted.

Risk and Exploitability

The CVSS score is 7.1, indicating a high impact severity. Because EPSS is not available, the exact exploitation probability is unknown, but the flaw is listed outside of the CISA KEV catalog. An attacker must send a crafted IAS Zone enrollment message from a joined device; this action can cause a crash and deny service to the target device. No public exploit is documented.

Generated by OpenCVE AI on June 25, 2026 at 15:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade EmberZNet firmware to a version that contains the patch for this issue, as detailed in Silicon Labs’s official release notes or firmware download links.
  • If the latest firmware cannot be applied immediately, restrict the network so that only trusted devices capable of joining the network and supporting the IAS Zone cluster can communicate with the EmberZNet controller, reducing the opportunity for malicious messages.
  • Implement a watchdog or failure‑restart mechanism to quickly recover the device if it crashes, mitigating the denial‑of‑service impact while a patch is applied.

Generated by OpenCVE AI on June 25, 2026 at 15:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Silicon Labs
Silicon Labs emberznet
Vendors & Products Silicon Labs
Silicon Labs emberznet

Thu, 25 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted.
Title IAS Zone enroll invalid table index and write in EmberZNet 9.0.2
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Silicon Labs Emberznet
cve-icon MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-06-25T14:16:07.807Z

Reserved: 2026-05-18T20:02:03.669Z

Link: CVE-2026-47150

cve-icon Vulnrichment

Updated: 2026-06-25T14:16:04.847Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:37:53Z

Weaknesses