CVE-2018-19983

Vulnerability

An issue exists in Sigma Design Z-Wave devices operating in security mode S0 (through S2, but S0 is specifically affected). The vulnerability is triggered when an attacker sends continuously divided Nonce Get (0x98 0x81) frames to a Z-Wave node. Upon receiving a Nonce Get, the node generates a new random nonce, transmits it to the source node, and enters a wait state. If a subsequent Nonce Get is received, the node discards the previous nonce and generates another new nonce. Consequently, normal frames encrypted with the prior nonce can no longer be decrypted. The affected versions include all Sigma Design Z-Wave S0 security products [1].

Exploitation

An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, or CC1110). The attacker then repeatedly sends divided Nonce Get (0x98 0x81) frames to the target S0 device. No special authentication is required beyond the ability to transmit Z-Wave frames within radio range. The attack is a denial-of-service technique that exploits the nonce handling logic in S0 mode [1].

Impact

Successful exploitation results in a denial-of-service condition. The victim node repeatedly regenerates nonces, discarding previous values and rendering normal encrypted frames undecryptable. This prevents legitimate communication with the device, disrupting Z-Wave network operations [1].

Mitigation

As of the publication date (2018-12-09), no patch or vendor fix has been identified in the available references. Users are advised to monitor vendor advisories for future updates. The attack vector is limited to S0 security mode; upgrading to S2 security mode may mitigate the issue if the device supports it [1].