References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

ZF Roll Stability Support Plus (RSSPlus) 
is vulnerable to an authentication bypass vulnerability targeting 
deterministic RSSPlus SecurityAccess service seeds, which may allow an 
attacker to remotely (proximal/adjacent with RF equipment or via pivot 
from J2497 telematics devices) call diagnostic functions intended for 
workshop or repair scenarios. This can impact system availability, 
potentially degrading performance or erasing software, however the 
vehicle remains in a safe vehicle state.

AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

CWE-305

https://nmfta.org/wp-content/media/2022/11/Actionable_Mitigations_Options_v9_DIST.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-03