Description
Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. NOTE: this is disputed by the supplier because the CAN bus is not externally exposed, and because the packets can only increase the odometer reading (which typically has no value to an adversary). Also, this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the observed behavior follows the UDS (Unified Diagnostic Services) specification.
INFO
Published Date :
2024-11-22T00:00:00.000Z
Last Modified :
2025-01-13T14:45:45.797Z
Source :
mitre
AFFECTED PRODUCTS
The following products are affected by CVE-2024-51074 vulnerability.
No data.
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-51074.