CVE-2024-11166: Traffic Alert and Collision Avoidance System (TCAS) II has an External Control of System or Configuration Setting vulnerability

7.1 CVSS

Description

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.

Classification

CVE ID: CVE-2024-11166

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

Affected Products

Vendor: Traffic Alert and Collision Avoidance System (TCAS) II

Product: Collision Avoidance Systems

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.71% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-20 (date this score was calculated)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01

Timeline