CVE-2016-9337 — MEDIUM (6.8)

Vulnerability Description

An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tesla	Gateway Ecu	-

Related Weaknesses (CWE)

CWE-77

References

http://www.securityfocus.com/bid/94697Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/94697Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2016-9337?

CVE-2016-9337 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to comma...

How severe is CVE-2016-9337?

CVE-2016-9337 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-9337?

Check the references section above for vendor advisories and patch information. Affected products include: Tesla Gateway Ecu.