An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the ECUReset specification does not allow a manufacturer to require SecurityAccess and Authentication.
References
Configurations
No configuration.
History
10 Jan 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the ECUReset specification does not allow a manufacturer to require SecurityAccess and Authentication. |
26 Nov 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-346 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
25 Nov 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
Summary | (en) An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service. |
22 Nov 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-22 16:15
Updated : 2025-01-10 15:15
NVD link : CVE-2024-51072
Mitre link : CVE-2024-51072
CVE.ORG link : CVE-2024-51072
JSON object : View
Products Affected
No product.
CWE
CWE-346
Origin Validation Error