Description
In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
Published: 2026-06-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A malformed Level Control Step command in Silicon Labs EmberZNet v9.0.2 or earlier triggers a divide‑by‑zero fault, crashing the device’s control process. This flaw is cataloged as CWE-369 and results in a loss of service for the affected device, potentially disrupting network operations that rely on that device.

Affected Systems

Silicon Labs EmberZNet firmware up to and including version 9.0.2 and all earlier releases are impacted. Devices that support the Level Control cluster and have joined the network can be targeted.

Risk and Exploitability

Based on the description, it is inferred that a malicious or compromised device that has already joined the network can send a crafted Level Control Step command to trigger the divide‑by‑zero fault. The CVSS score of 7.1 indicates a high severity denial‑of‑service vulnerability. While an EPSS score is not currently available, the lack of a KEV listing suggests limited known exploitation at this time. The attack requires a malicious or compromised device that already resides on the network to send a crafted Level Control Step command, making remote network‑based exploitation plausible but contingent on device membership.

Generated by OpenCVE AI on June 25, 2026 at 16:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to EmberZNet version 9.0.3 or later, which addresses the divide‑by‑zero flaw.
  • If an update is not immediately possible, disable or block the Level Control cluster on vulnerable devices to prevent receipt of Level Control Step commands.
  • Continuously monitor network traffic for anomalous Level Control Step commands and isolate any device that behaves unusually to contain potential service disruptions.

Generated by OpenCVE AI on June 25, 2026 at 16:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Silicon Labs
Silicon Labs emberznet
Vendors & Products Silicon Labs
Silicon Labs emberznet

Thu, 25 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
Title Level Control Step With On/Off divide-by-zero in EmberZNet v9.0.2
Weaknesses CWE-369
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Silicon Labs Emberznet
cve-icon MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-06-25T14:18:04.866Z

Reserved: 2026-05-18T20:02:03.669Z

Link: CVE-2026-47153

cve-icon Vulnrichment

Updated: 2026-06-25T14:18:00.705Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:37:46Z

Weaknesses