CVE-2017-9647

MEDIUM

Continental AG Infineon S-Gold 2 - Buffer Overflow

Title source: llm

Description

A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100132

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01

Scores

CVSS v3 6.6

EPSS 0.0009

EPSS Percentile 26.5%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-121

Status published

Products (2)

infineon/s-gold_2_pmb_8876

n/a/Continental AG Infineon S-Gold 2 (PMB 8876) < Continental AG Infineon S-Gold 2 (PMB 8876)

Published Aug 07, 2017

Tracked Since Feb 18, 2026