Improper Protection against Electromagnetic Fault Injection in J2497 - CVE-2022-26131
Published: March 7, 2022
Vulnerability identifier: #VU61040
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-26131
CWE-ID: CWE-1319
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: SAE International
Affected software:
J2497
J2497
Detailed vulnerability description
The vulnerability allows a remote attacker on the local network to compromise the system.
The vulnerability exists due to the trailer power line communications J2497 (PLC4TRUCKS) receivers are susceptible to remote RF induced signals.
How to mitigate CVE-2022-26131
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.