CVE-2016-9337
Last modified
CVE-2016-9337 is a vulnerability of currently unknown severity. An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection.. EPSS estimates a 1.82% chance of exploitation in the next 30 days.
Description
An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tesla | Gateway Ecu | All versions |
References
- http://www.securityfocus.com/bid/94697Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/94697Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-9337?
How severe is CVE-2016-9337?
How do I fix CVE-2016-9337?
Are you affected by CVE-2016-9337?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST