SB2022030702 - Multiple vulnerabilities in Trailer Power Line Communications (PLC) J2497




Published: March 7, 2022

Security Bulletin ID: SB2022030702
Severity: Medium
Patch available: NO
Number of vulnerabilities: 2
Exploitation vector: Adjacent network
Highest impact: Data manipulation

Breakdown by Severity

Medium 50%, Low 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Missing Authentication for Critical Function (CVE-ID: CVE-2022-25922)

The vulnerability allows an attacker with physical access to compromise the target system.

The vulnerability exists because trailer brake controllers implement diagnostic functions that can be invoked by replaying J2497 messages.


2) Improper Protection against Electromagnetic Fault Injection (CVE-ID: CVE-2022-26131)

The vulnerability allows a remote attacker on the local network to compromise the system.

The vulnerability exists because trailer power line communications J2497 (PLC4TRUCKS) receivers are susceptible to remote RF-induced signals.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.