CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-12054: ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness

5.4 CVSS

Description

ZF Roll Stability Support Plus (RSSPlus)
is vulnerable to an authentication bypass vulnerability targeting
deterministic RSSPlus SecurityAccess service seeds, which may allow an
attacker to remotely (proximal/adjacent with RF equipment or via pivot
from J2497 telematics devices) call diagnostic functions intended for
workshop or repair scenarios. This can impact system availability,
potentially degrading performance or erasing software, however the
vehicle remains in a safe vehicle state.

Classification

CVE ID: CVE-2024-12054

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

Affected Products

Vendor: ZF

Product: RSSPlus 2M

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.98% (scored less or equal to compared to others)

EPSS Date: 2025-03-14 (when was this score calculated)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-03
https://nmfta.org/wp-content/media/2022/11/Actionable_Mitigations_Options_v9_DIST.pdf

Timeline

2025-02-14 00:31:26 UTC
CVE

ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness