Authentication Bypass Vulnerability in ZF Roll Stability Support Plus
CVE-2024-12054
5.9 MEDIUM
Key Information:
- Vendor: ZF
- Status
- Rssplus 2m
- Vendor
- CVE Published: 13 February 2025
Summary
ZF Roll Stability Support Plus (RSSPlus) is susceptible to an authentication bypass vulnerability arising from predictable seeds in the SecurityAccess service. The vulnerability allows attackers, either remotely or through adjacent RF equipment, to invoke diagnostic functions that are normally reserved for workshop or repair scenarios. If exploited, this could degrade system performance or potentially erase software, although the overall safety of the vehicle remains intact.
Affected Version(s)
RSSPlus 2M 01/08 < 01/23
CVSS V4
- Score: 5.9
- Severity: MEDIUM
- Confidentiality: None
- Integrity: Low
- Availability: High
- Attack Vector: Adjacent Network
- Attack Complexity: High
- Attack Required: Physical
- Privileges Required: Undefined
- User Interaction: Unknown
Credit
National Motor Freight Traffic Association, Inc. (NMFTA) researchers Ben Gardiner and Anne Zachos reported this vulnerability to CISA.