Vulnerability Description
An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the observed behavior follows the UDS (Unified Diagnostic Services) specification.
CVSS Score
MEDIUM
References
- https://github.com/nitinronge91/KIA-SELTOS-Cluster-Vulnerabilities/blob/3755e3f6
- https://udsoncan.readthedocs.io/en/latest/udsoncan/services.html
- https://www.iso.org/standard/77323.html
FAQ
What is CVE-2024-51073?
CVE-2024-51073 is a vulnerability with a CVSS score of 6.7 (MEDIUM). An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. NOTE: this is dis...
How severe is CVE-2024-51073?
CVE-2024-51073 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-51073?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.