CVE-2017-9633

Name: CVE-2017-9633
Creator: NVD / NIST
Published: 2017-08-07T08:29:00.447+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 2.24%

Last modified Jun 17, 2026

CVE-2017-9633 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. EPSS estimates a 2.24% chance of exploitation in the next 30 days.

Description

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.24%

80.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Infineon	S-Gold 2 Pmb 8876	All versions

References

http://www.securityfocus.com/bid/100132Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/100132Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01Third Party Advisory, US Government Resource

Timeline

Published: Aug 7, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-9633?

How severe is CVE-2017-9633?

CVE-2017-9633 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 2.24% probability of exploitation in the next 30 days.

How do I fix CVE-2017-9633?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-9633?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST