Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

1 vulnerability by fca

CVE-2015-5611 (GCVE-0-2015-5611)

Vulnerability from cvelistv5 – Published: 2015-07-21 18:00 – Updated: 2024-08-06 06:59

Summary

Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient "Radio security protection," as demonstrated on a 2014 Jeep Cherokee Limited FWD.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/75993	vdb-entryx_refsource_BID
	https://twitter.com/0xcharlie/status/623171594349842433	x_refsource_MISC
	http://www.wired.com/2015/07/hackers-remotely-kil…	x_refsource_MISC
	http://media.fcanorthamerica.com/newsrelease.do?i…	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01	x_refsource_MISC
	http://blog.fcanorthamerica.com/2015/07/22/unhack…	x_refsource_CONFIRM
	http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/downlo…	x_refsource_MISC
	https://twitter.com/0xcharlie/status/623258479730552832	x_refsource_MISC
	https://twitter.com/0xcharlie/status/623195051296993280	x_refsource_MISC
	https://www.youtube.com/watch?v=MK0SrxBC1xs&featu…	x_refsource_MISC
	http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/downlo…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:59:03.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "75993",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75993"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/0xcharlie/status/623171594349842433"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://media.fcanorthamerica.com/newsrelease.do?id=16827\u0026mid=1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/0xcharlie/status/623258479730552832"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/0xcharlie/status/623195051296993280"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=MK0SrxBC1xs\u0026feature=youtu.be"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483036/RCLRPT-15V461-9407.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient \"Radio security protection,\" as demonstrated on a 2014 Jeep Cherokee Limited FWD."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "75993",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75993"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/0xcharlie/status/623171594349842433"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://media.fcanorthamerica.com/newsrelease.do?id=16827\u0026mid=1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/0xcharlie/status/623258479730552832"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/0xcharlie/status/623195051296993280"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=MK0SrxBC1xs\u0026feature=youtu.be"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483036/RCLRPT-15V461-9407.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient \"Radio security protection,\" as demonstrated on a 2014 Jeep Cherokee Limited FWD."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "75993",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75993"
            },
            {
              "name": "https://twitter.com/0xcharlie/status/623171594349842433",
              "refsource": "MISC",
              "url": "https://twitter.com/0xcharlie/status/623171594349842433"
            },
            {
              "name": "http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/",
              "refsource": "MISC",
              "url": "http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/"
            },
            {
              "name": "http://media.fcanorthamerica.com/newsrelease.do?id=16827\u0026mid=1",
              "refsource": "MISC",
              "url": "http://media.fcanorthamerica.com/newsrelease.do?id=16827\u0026mid=1"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01"
            },
            {
              "name": "http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/",
              "refsource": "CONFIRM",
              "url": "http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/"
            },
            {
              "name": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf",
              "refsource": "MISC",
              "url": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf"
            },
            {
              "name": "https://twitter.com/0xcharlie/status/623258479730552832",
              "refsource": "MISC",
              "url": "https://twitter.com/0xcharlie/status/623258479730552832"
            },
            {
              "name": "https://twitter.com/0xcharlie/status/623195051296993280",
              "refsource": "MISC",
              "url": "https://twitter.com/0xcharlie/status/623195051296993280"
            },
            {
              "name": "https://www.youtube.com/watch?v=MK0SrxBC1xs\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=MK0SrxBC1xs\u0026feature=youtu.be"
            },
            {
              "name": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483036/RCLRPT-15V461-9407.pdf",
              "refsource": "MISC",
              "url": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483036/RCLRPT-15V461-9407.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5611",
    "datePublished": "2015-07-21T18:00:00",
    "dateReserved": "2015-07-21T00:00:00",
    "dateUpdated": "2024-08-06T06:59:03.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}