CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-51074: Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer...

Description

Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. NOTE: this is disputed by the supplier because the CAN bus is not externally exposed, and because the packets can only increase the odometer reading (which has no value to an adversary).

Classification

CVE ID: CVE-2024-51074

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://en.wikipedia.org/wiki/CAN_bus
https://github.com/nitinronge91/KIA-SELTOS-Cluster-Vulnerabilities/blob/0446f6fe6299eb39310e996c73d5513e70d76353/CVE/Odometer%20Manipulation%28Increase%29%20for%20KIA%20SELTOS%20Cluster%20CVE-2024-51074.md

Timeline

2025-01-07 00:30:31 UTC
CVE

Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer...