Texas Instruments provides a Wi-SUN® Stack implementing the IEEE® 802.15.4g specifications. The TI Wi-SUN® stack did not include logic to check the frame counter of incoming packets as described in step h of section 9.2.3 of the IEEE® 802.15.4-2020 standard. This allows attackers to capture network packets and resend those packets. The receiving device will process the packet as if it was sent by the original source of the packet.
TI-PSIRT-2022-100128
None
4.3
| Part | SDK | SDK Version | TI-Wi-SUN-Stack Version |
|---|---|---|---|
| CC1352R, CC1352P7, CC1352P, CC1312R7, CC1312R, CC1200 | SIMPLELINK-CC13XX-CC26XX-SDK: SimpleLink™ CC13xx and CC26xx software development kit (SDK) | 6.40.00.13 and earlier | 1.0.6 and earlier |
To determine if your product is impacted, check the version of the TI Wi-SUN® stack built into your product. This can be done by looking at the documentation included with SDK.
The failure to correctly validate the frame counter may allow an attacker to replay network packets. The vulnerability does not allow an attacker to decrypt or modify packets.
Customers are encouraged to upgrade to the latest SDK for their Wi-SUN® product. After obtaining the latest SDK, customers should confirm a TI Wi-SUN® Stack version of 2.10.00 or greater and upgrade their device to use the new version of the stack.
The following SDK releases address these vulnerabilities:
| SDK | First SDK version with mitigations | First TI-Wi-SUN-Stack Version with mitigations |
|---|---|---|
| SIMPLELINK-CC13XX-CC26XX-SDK: SimpleLink™ CC13xx and CC26xx software development kit (SDK) | 7.10 | 2.10.00 |
IEEE® Std 802.15.4-2020, IEEE Standard for Low-Rate Wireless Networks, July 2020.
Wi-SUN® Alliance, Technical Profile Specification Field Area Network, Version 1v33
Version 1.0 initial publication