CVE-2020-8539
HIGH
Kia Motors Head Unit <SOP.007.1.191209 - Command Injection
Title source: llm
Description
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable daemon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf
Third Party Advisory x_refsource_misc
https://gist.github.com/gianpyc/4dc8b0d0c29774a10a97785711e325c3
Scores
CVSS v3
7.8
EPSS
0.0226
EPSS Percentile
80.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (3)
kia/head_unit_firmware
sop.003.30.18.0703
kia/head_unit_firmware
sop.005.7.181019
kia/head_unit_firmware
sop.007.1.191209
Published
Dec 01, 2020
Tracked Since
Feb 18, 2026