CVE-2013-20003

Name: CVE-2013-20003
Creator: NVD / NIST
Published: 2022-02-04T23:15:09.627+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.3/10EPSS 0.56%

Last modified Jun 16, 2026

CVE-2013-20003 is a high-severity vulnerability rated 8.3/10 on the CVSS scale. Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.. EPSS estimates a 0.56% chance of exploitation in the next 30 days.

Description

Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.

Metrics

CVSS 3.1

8.3/10

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Probability

0.56%

42.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Silabs	Zgm130s037hgn Firmware	s2
Silabs	Zm5202 Firmware	s2
Silabs	Zm5101 Firmware	s2
Silabs	Zgm2305a27hgn Firmware	s2
Silabs	Zgm230sb27hgn Firmware	s2

References

https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security/Third Party Advisory
https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdfTechnical Description, Third Party Advisory
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/Exploit, Third Party Advisory
https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security/Third Party Advisory
https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdfTechnical Description, Third Party Advisory
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/Exploit, Third Party Advisory

Timeline

Published: Feb 4, 2022
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-20003?

Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.

How severe is CVE-2013-20003?

CVE-2013-20003 has a CVSS score of 8.3/10 (HIGH severity). The EPSS model estimates a 0.56% probability of exploitation in the next 30 days.

How do I fix CVE-2013-20003?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-20003?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST