Skip to main content

Gateway Ecu CVE-2016-9337

MEDIUM
Command Injection (CWE-77)
2017-02-13 ics-cert@hq.dhs.gov
6.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 13, 2017 - 21:59 cve.org
MEDIUM 6.8

DescriptionCVE.org

An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection.

AnalysisAI

An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection. Affected products include: Tesla Gateway Ecu. Version information: version 7.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

Share

CVE-2016-9337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy