Search criteria
1 vulnerability by ZF
CVE-2024-12054 (GCVE-0-2024-12054)
Vulnerability from cvelistv5 – Published: 2025-02-13 22:08 – Updated: 2025-02-14 15:58
VLAI?
Title
ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness
Summary
ZF Roll Stability Support Plus (RSSPlus)
is vulnerable to an authentication bypass vulnerability targeting
deterministic RSSPlus SecurityAccess service seeds, which may allow an
attacker to remotely (proximal/adjacent with RF equipment or via pivot
from J2497 telematics devices) call diagnostic functions intended for
workshop or repair scenarios. This can impact system availability,
potentially degrading performance or erasing software, however the
vehicle remains in a safe vehicle state.
Severity ?
5.4 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZF | RSSPlus 2M |
Affected:
01/08 , < 01/23
(custom)
|
Credits
National Motor Freight Traffic Association, Inc. (NMFTA) researchers Ben Gardiner and Anne Zachos reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T15:58:36.827378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T15:58:47.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RSSPlus 2M",
"vendor": "ZF",
"versions": [
{
"lessThan": "01/23",
"status": "affected",
"version": "01/08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "National Motor Freight Traffic Association, Inc. (NMFTA) researchers Ben Gardiner and Anne Zachos reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZF Roll Stability Support Plus (RSSPlus) \nis vulnerable to an authentication bypass vulnerability targeting \ndeterministic RSSPlus SecurityAccess service seeds, which may allow an \nattacker to remotely (proximal/adjacent with RF equipment or via pivot \nfrom J2497 telematics devices) call diagnostic functions intended for \nworkshop or repair scenarios. This can impact system availability, \npotentially degrading performance or erasing software, however the \nvehicle remains in a safe vehicle state.\n\n\u003cbr\u003e"
}
],
"value": "ZF Roll Stability Support Plus (RSSPlus) \nis vulnerable to an authentication bypass vulnerability targeting \ndeterministic RSSPlus SecurityAccess service seeds, which may allow an \nattacker to remotely (proximal/adjacent with RF equipment or via pivot \nfrom J2497 telematics devices) call diagnostic functions intended for \nworkshop or repair scenarios. This can impact system availability, \npotentially degrading performance or erasing software, however the \nvehicle remains in a safe vehicle state."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T22:08:03.541Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-03"
},
{
"url": "https://nmfta.org/wp-content/media/2022/11/Actionable_Mitigations_Options_v9_DIST.pdf"
}
],
"source": {
"advisory": "ICSA-25-021-03",
"discovery": "EXTERNAL"
},
"title": "ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To most effectively mitigate general vulnerabilities of the powerline \ncommunication, any trucks, trailers, and tractors utilizing J2497 \ntechnology should disable all features where possible, except for \nbackwards-compatibility with LAMP ON detection only. Users acquiring new\n trailer equipment should migrate all diagnostics to newer trailer bus \ntechnology. Users acquiring new tractor equipment should remove support \nfor reception of any J2497 message other than LAMP messages.\n\n\u003cbr\u003e"
}
],
"value": "To most effectively mitigate general vulnerabilities of the powerline \ncommunication, any trucks, trailers, and tractors utilizing J2497 \ntechnology should disable all features where possible, except for \nbackwards-compatibility with LAMP ON detection only. Users acquiring new\n trailer equipment should migrate all diagnostics to newer trailer bus \ntechnology. Users acquiring new tractor equipment should remove support \nfor reception of any J2497 message other than LAMP messages."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eZF recommends:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMoving away from security access and implementing the latest security feature authenticate (0x29).\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eEnsure random numbers are generated from a cryptographically secure hardware true random number generator.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eAdopting modern standards/protocols for truck trailer communication.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "ZF recommends:\n\n\n\n * Moving away from security access and implementing the latest security feature authenticate (0x29).\u00a0 \n\n\n * Ensure random numbers are generated from a cryptographically secure hardware true random number generator.\u00a0 \n\n\n * Adopting modern standards/protocols for truck trailer communication."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNMFTA has published detailed information about how to mitigate these issues in the following ways:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInstall a LAMP ON firewall for each ECU.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eUse a LAMP detect circuit LAMP ON sender with each trailer.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eChange addresses dynamically on each tractor in response to detecting a transmitter on its current address.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eInstall RF chokes on each trailer between chassis ground and wiring ground.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eLoad with LAMP keyhole signal on each tractor.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eFlood with jamming signal on each tractor.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease visit \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://nmfta.org/wp-content/media/2022/11/Actionable_Mitigations_Options_v9_DIST.pdf\"\u003eNMFTA\u003c/a\u003e\u003c/p\u003e for additional details on these and other solutions.\n\n\u003cbr\u003e"
}
],
"value": "NMFTA has published detailed information about how to mitigate these issues in the following ways:\n\n\n\n * Install a LAMP ON firewall for each ECU.\u00a0 \n\n\n * Use a LAMP detect circuit LAMP ON sender with each trailer.\u00a0 \n\n\n * Change addresses dynamically on each tractor in response to detecting a transmitter on its current address.\u00a0 \n\n\n * Install RF chokes on each trailer between chassis ground and wiring ground.\u00a0 \n\n\n * Load with LAMP keyhole signal on each tractor.\u00a0 \n\n\n * Flood with jamming signal on each tractor.\u00a0 \n\n\n\n\n\nPlease visit NMFTA https://nmfta.org/wp-content/media/2022/11/Actionable_Mitigations_Options_v9_DIST.pdf \n\n for additional details on these and other solutions."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-12054",
"datePublished": "2025-02-13T22:08:03.541Z",
"dateReserved": "2024-12-02T19:56:35.074Z",
"dateUpdated": "2025-02-14T15:58:47.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}