exploitDog

CVE-2016-9337

Опубликовано: 13 фев. 2017

Источник: nvd

CVSS3: 6.8

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection.

Ссылки

http://www.securityfocus.com/bid/94697
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/94697
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:tesla:gateway_ecu:-:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00949

Низкий

6.8 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-8pcp-29rv-982g

CVSS3: 6.8

github

больше 3 лет назад

An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection.

EPSS

Процентиль: 76%

0.00949

Низкий

6.8 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-77