Silicon Labs Wi-SUN SDK Vulnerability Allows Malicious Messages Through Your Network

CVECVE-2023-1261
CVSScvssV3_1: 8.2
SourceCVE-2023-1261

The Silicon Labs Wi-SUN SDK, a software development kit used for developing applications on low-power wide area networks, is affected by a vulnerability that could allow malicious actors to route harmful messages through connected devices.

The issue, tracked as CVE-2023-1261, is due to missing message authentication code (MAC) layer security in versions 1.5.0 and below of the Wi-SUN SDK. Without MAC layer protection, unauthorized nodes may be able to insert themselves into the network and pass off malicious traffic as legitimate. This could enable attacks like command injection, denial of service, or man-in-the-middle interceptions.

If you are a developer or company using the Silicon Labs Wi-SUN SDK, it is recommended to upgrade to the latest version (higher than 1.5.0) as soon as possible. Applying security patches greatly reduces the risk of network intrusion or data compromise. You should also review any applications built on older versions of the SDK for vulnerabilities.

For users of devices connected to Wi-SUN networks, be aware of this issue and watch for any communications from your hardware providers about upgrades or other steps to take. Staying up-to-date with patches helps protect networks from potential cyber threats.

References