CVE-2024-11166

HIGH

TCAS II - DoS

Title source: llm

Description

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01

Scores

CVSS v4 7.1

EPSS 0.0007

EPSS Percentile 21.5%

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-15

Status published

Products (1)

Traffic Alert and Collision Avoidance System (TCAS) II/Collision Avoidance Systems 7.1

Published Jan 22, 2025

Tracked Since Feb 18, 2026