CVE-2022-24611: Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series...
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs.
Security readout for executives and security teams
Plain-English summary
An attacker near a Z-Wave network may disrupt protected smart-building or IoT device communications. The record names Silicon Labs Z-Wave 500 series and a protocol-level issue, but does not identify specific end products or a vendor fix. Business impact depends on what those devices control.
Executive priority
Set priority after asset confirmation. If Z-Wave supports security, access control, alarms, or building operations, handle as an operational resilience risk. If no Z-Wave 500 series or S0/S2 networks exist, no direct exposure is indicated by the provided sources.
Technical view
CVE-2022-24611 describes a DoS in the Z-Wave S0 NonceGet protocol specification affecting Silicon Labs Z-Wave 500 series. Crafted S0 NonceGet packages using included but absent NodeIDs can block S0/S2 protected Z-Wave network traffic. The provided sources omit CVSS, CWE, precise versions, and patch details.
Likely exposure
Exposure is likely limited to environments using Silicon Labs Z-Wave 500 series components on S0/S2 protected Z-Wave networks, with an attacker close enough for local Z-Wave radio access. Specific device models are not identified in the sources.
Exploitation context
The CVE describes local attackers using crafted Z-Wave packages. The source bundle does not cite CISA KEV listing, active exploitation, public exploitation at scale, or confirmed weaponized tooling. Treat exploitation status as unconfirmed beyond the public proof source reference.
Researcher notes
The public record is sparse: no CVSS vector, CWE, affected model list, fixed versions, or vendor advisory is included. The GitHub reference appears central, but the bundle only establishes protocol behavior and local DoS scope, not broad product impact.
Mitigation direction
Inventory Z-Wave controllers and devices for Silicon Labs Z-Wave 500 series components.
Ask device vendors for firmware, configuration, or replacement guidance for CVE-2022-24611.
Prioritize review where Z-Wave controls access, alarms, locks, or operational safety functions.
Reduce unnecessary physical proximity access to sensitive Z-Wave installations.
Monitor for unexplained S0/S2 Z-Wave communication loss or repeated device unavailability.
Validation and detection
Confirm whether S0 or S2 protected Z-Wave networks are deployed.
Identify whether deployed devices use Silicon Labs Z-Wave 500 series components.
Check vendor advisories for affected model confirmation and remediation status.
Review operational logs or user reports for recurring Z-Wave network disruption.
Use only vendor-approved lab validation methods; avoid production disruption testing.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-24611 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
2Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
May 17, 2022, 17:28 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.