CVE-2016-9337
MEDIUMTesla Motors Model S <7.1 (2.36.31) - Command Injection
Title source: llmDescription
An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94697
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01
Scores
CVSS v3
6.8
EPSS
0.0182
EPSS Percentile
76.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (2)
n/a/Tesla Gateway ECU on Model S automobile
Tesla Gateway ECU on Model S automobile
tesla/gateway_ecu
Published
Feb 13, 2017
Tracked Since
Feb 18, 2026