References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

Zero Motorcycles firmware versions 44 and prior enable an attacker to 
forcibly pair a device with the motorcycle via Bluetooth. Once paired, 
an attacker can utilize over-the-air firmware updating functionality to 
potentially upload malicious firmware to the motorcycle. The motorcycle 
must first be in Bluetooth pairing mode, and the attacker must be in 
proximity of the vehicle and understand the full pairing process, to be 
able to pair their device with the vehicle. The attacker's device must 
remain paired with and in proximity of the motorcycle for the entire 
duration of the firmware update.

AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-322

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-06.json

https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-06