Command Injection Vulnerability in Tesla Motors Model S Gateway ECU
CVE-2016-9337

6.8MEDIUM

Key Information:

Vendor: Tesla
Status: Tesla Gateway Ecu On Model S Automobile
Vendor: CVE Published:; 13 February 2017

What is CVE-2016-9337?

A command injection vulnerability has been identified in the Tesla Motors Model S, affecting all firmware versions prior to 7.1 (2.36.31) with web browser functionality enabled. This issue allows an attacker to send crafted commands to the vehicle's Gateway ECU. If exploited, it could lead to the installation of malicious software that enables unauthorized messaging to the vehicle's CAN bus. This presents significant risks to vehicle security and user safety, emphasizing the need for timely updates and security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tesla Gateway ECU on Model S automobile Tesla Gateway ECU on Model S automobile

References

http://www.securityfocus.com/bid/94697

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2017
Vulnerability Reserved
Nov 16, 2016

JSON

Tesla

What is CVE-2016-9337?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.