CVE-2024-12054
Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
13/02/2025
Last modified:
13/02/2025
Description
ZF Roll Stability Support Plus (RSSPlus) <br />
is vulnerable to an authentication bypass vulnerability targeting <br />
deterministic RSSPlus SecurityAccess service seeds, which may allow an <br />
attacker to remotely (proximal/adjacent with RF equipment or via pivot <br />
from J2497 telematics devices) call diagnostic functions intended for <br />
workshop or repair scenarios. This can impact system availability, <br />
potentially degrading performance or erasing software, however the <br />
vehicle remains in a safe vehicle state.
Impact
Base Score 4.0
5.90
Severity 4.0
MEDIUM
Base Score 3.x
5.40
Severity 3.x
MEDIUM