
Scout Bobber Tech CVE-2026-49316

EUVD-2026-33293 MEDIUM
Expected Behavior Violation (CWE-440)
2026-05-29 ASRG GHSA-xpm6-xp6j-7w29
4.1
CVSS 4.0 · Vendor: ASRG

Severity by source

Vendor (ASRG) PRIMARY
4.1 MEDIUM
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (ASRG) · only source for this CVE.

CVSS Vector (Vendor: ASRG)

Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: May 29, 2026 - 14:32 (vuln.today)
CVSS changed: May 29, 2026 - 14:22 (NVD), 4.6 (MEDIUM) to 4.1 (MEDIUM)

Description (CVE.org)

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a well-known CAN error-frame injection technique against a periodic WCM transmission, the attacker drives the WCM CAN controller's transmit error counter past the bus-off threshold, after which the WCM stops transmitting all messages, including the shutdown command. Peer ECUs do not interpret WCM silence as a security event and continue normal operation, allowing the motorcycle to be operated despite the immobilizer never having been unlocked. Specific protocol details have been withheld pending vendor remediation.
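
A defensive sketch of the fix direction the description implies, added here and not taken from the advisory, the vendor, or any ECU firmware: a peer ECU supervises the WCM's periodic frame and treats silence as loss of authorization instead of as "no shutdown requested". The period, the missed-frame limit, and the `unlocked` flag carried by the frame are assumptions, since the real protocol details are withheld.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed timing for illustration only; the real WCM protocol is withheld. */
#define WCM_PERIOD_MS    100u                 /* hypothetical broadcast period */
#define WCM_MISSED_LIMIT 3u                   /* consecutive periods tolerated */
#define WCM_TIMEOUT_MS   (WCM_PERIOD_MS * WCM_MISSED_LIMIT)

typedef enum { RUN_INHIBITED = 0, RUN_PERMITTED = 1 } run_state_t;

typedef struct {
    uint32_t last_rx_ms;      /* time of the last WCM status frame */
    bool     seen;            /* any frame received since power-on */
    bool     unlocked;        /* last authorization state reported */
    bool     in_timeout;      /* currently inside a detected silence */
    uint32_t timeout_events;  /* silences detected, for logging or a DTC */
} wcm_sup_t;

void wcm_sup_init(wcm_sup_t *s)
{
    s->last_rx_ms = 0; s->seen = false; s->unlocked = false;
    s->in_timeout = false; s->timeout_events = 0;
}

/* Call from the CAN receive path for each WCM status frame (hypothetical). */
void wcm_sup_on_frame(wcm_sup_t *s, uint32_t now_ms, bool unlocked)
{
    s->last_rx_ms = now_ms;
    s->seen = true;
    s->unlocked = unlocked;
    s->in_timeout = false;
}

/* Call periodically. Authorization must be positively asserted AND fresh. */
run_state_t wcm_sup_tick(wcm_sup_t *s, uint32_t now_ms)
{
    /* Unsigned subtraction stays correct across tick-counter wraparound. */
    bool fresh = s->seen && (uint32_t)(now_ms - s->last_rx_ms) <= WCM_TIMEOUT_MS;
    if (!fresh) {
        if (s->seen && !s->in_timeout) {   /* count each silence once */
            s->in_timeout = true;
            s->timeout_events++;
        }
        s->unlocked = false;               /* silence revokes, never grants */
        return RUN_INHIBITED;
    }
    return s->unlocked ? RUN_PERMITTED : RUN_INHIBITED;
}
```

This sketch only gates run authorization; the safe reaction to a timeout while the vehicle is moving is a functional-safety decision outside its scope.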

Analysis (AI)

CAN bus error-frame injection on the 2025 Indian Motorcycle Scout Bobber + Tech defeats the Wireless Control Module (WCM)-enforced immobilizer, enabling vehicle operation without legitimate anti-theft deactivation. An attacker within physical or adjacent proximity drives the WCM's CAN controller into bus-off state by incrementing its transmit error counter past the threshold, permanently silencing the WCM's periodic shutdown command. …


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Recon: Achieve adjacent proximity to target motorcycle
Delivery: Access CAN bus via OBD-II or WCM wireless
Exploit: Inject timed error frames targeting WCM broadcasts
Install: Drive WCM transmit error counter to bus-off
C2: WCM silenced - immobilizer command ceases
Execute: Peer ECUs continue operation without lockout
Impact: Start and operate motorcycle undetected

Vulnerability Assessment (AI)

Exploitation: The attacker must be within physical proximity to the motorcycle sufficient to reach the OBD-II port or the WCM's wireless interface - the exact required distance is unconfirmed due to a conflict between the CVE description's 'adjacent-network' characterization and the CVSS AV:P vector (see risk assessment). …

Risk Assessment: The CVSS 4.0 base score of 4.1 (Medium) is driven by AV:P (Physical attack vector), which bounds exploitation to actors within direct or adjacent range of the vehicle, and AT:P (Attack Requirements: Present), indicating the WCM must be actively transmitting - its normal operating state - for the attack to proceed. …

Exploit Scenario: An attacker carrying a commodity USB-to-CAN adapter and a laptop approaches a parked 2025 Scout Bobber + Tech in a public space, accesses the CAN bus via the OBD-II diagnostic port or via the WCM wireless interface, and transmits malformed CAN error frames timed to collide with the WCM's periodic immobilizer-state broadcasts. Within seconds to minutes, the WCM's transmit error counter reaches 255 and the module enters bus-off, permanently silencing its shutdown command for the remainder of the power cycle. …

Remediation: No vendor-released patch has been identified at time of analysis. …
