CVE-2024-12054 MEDIUM

CVE-2024-12054: ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness

Vendor ZF
Product RSSPlus 2M
Weakness CWE-305
Published February 13, 2025
Last update February 14, 2025

CVSS base score

5.4/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

What the vulnerability does

01 Description

ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass: the seeds issued by the RSSPlus SecurityAccess service are deterministic, which may allow an attacker to remotely (proximal/adjacent with RF equipment, or via pivot from J2497 telematics devices) call diagnostic functions intended for workshop or repair scenarios. This can impact system availability, potentially degrading performance or erasing software; however, the vehicle remains in a safe vehicle state.

Key dates

02 Disclosure timeline

February 13, 2025 CVE published
February 14, 2025 Record updated