ID

VAR-201702-0923


CVE

CVE-2016-9337


TITLE

Tesla Model S Gateway ECU Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007985

DESCRIPTION

An issue was discovered in the Tesla Motors Model S automobile, in all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software, which in turn allows the attacker to send messages to the vehicle's CAN bus (a command injection). Tesla Gateway ECU is prone to a command-injection vulnerability. An attacker may leverage this issue to inject arbitrary commands. Versions prior to Tesla Gateway ECU 7.1 (2.36.31) are vulnerable. Tesla Motors Gateway ECU is a set of firmware used by Tesla Motors (Tesla) in the United States to manage cars and provide driving functions.

Trust: 1.98

sources: NVD: CVE-2016-9337 // JVNDB: JVNDB-2016-007985 // BID: 94697 // VULHUB: VHN-98157

IOT TAXONOMY

category: ['vehicle device'], sub_category: vehicle

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: tesla, model: gateway ecu, scope: eq, version: -

Trust: 1.6

vendor: tesla, model: gateway ecu, scope: lt, version: 7.1 (2.36.31) (model s)

Trust: 0.8

vendor: tesla, model: gateway ecu, scope: eq, version: 0

Trust: 0.3

vendor: tesla, model: gateway ecu, scope: ne, version: 7.1(2.36.31)

Trust: 0.3

sources: BID: 94697 // JVNDB: JVNDB-2016-007985 // CNNVD: CNNVD-201612-181 // NVD: CVE-2016-9337

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9337
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9337
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201612-181
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98157
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9337
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-98157
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9337
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-98157 // JVNDB: JVNDB-2016-007985 // CNNVD: CNNVD-201612-181 // NVD: CVE-2016-9337

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.9

sources: VULHUB: VHN-98157 // JVNDB: JVNDB-2016-007985 // NVD: CVE-2016-9337

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-181

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201612-181

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007985

PATCH

title: Top Page, url: https://www.tesla.com/

Trust: 0.8

title: Tesla Motors Gateway ECU Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66222

Trust: 0.6

sources: JVNDB: JVNDB-2016-007985 // CNNVD: CNNVD-201612-181

EXTERNAL IDS

db: NVD, id: CVE-2016-9337

Trust: 2.9

db: ICS CERT, id: ICSA-16-341-01

Trust: 2.8

db: BID, id: 94697

Trust: 2.0

db: JVNDB, id: JVNDB-2016-007985

Trust: 0.8

db: CNNVD, id: CNNVD-201612-181

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-98157

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-98157 // BID: 94697 // JVNDB: JVNDB-2016-007985 // CNNVD: CNNVD-201612-181 // NVD: CVE-2016-9337

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-16-341-01

Trust: 2.8

url: http://www.securityfocus.com/bid/94697

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9337

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-9337

Trust: 0.8

url: https://www.tesla.com/

Trust: 0.3

url: https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-98157 // BID: 94697 // JVNDB: JVNDB-2016-007985 // CNNVD: CNNVD-201612-181 // NVD: CVE-2016-9337

CREDITS

Tencent's Keen Security Lab

Trust: 0.6

sources: CNNVD: CNNVD-201612-181

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-98157
db: BID, id: 94697
db: JVNDB, id: JVNDB-2016-007985
db: CNNVD, id: CNNVD-201612-181
db: NVD, id: CVE-2016-9337

LAST UPDATE DATE

2025-04-20T19:49:19.032000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-98157, date: 2017-03-14T00:00:00
db: BID, id: 94697, date: 2016-12-20T01:08:00
db: JVNDB, id: JVNDB-2016-007985, date: 2017-04-04T00:00:00
db: CNNVD, id: CNNVD-201612-181, date: 2016-12-08T00:00:00
db: NVD, id: CVE-2016-9337, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-98157, date: 2017-02-13T00:00:00
db: BID, id: 94697, date: 2016-12-06T00:00:00
db: JVNDB, id: JVNDB-2016-007985, date: 2017-04-04T00:00:00
db: CNNVD, id: CNNVD-201612-181, date: 2016-12-08T00:00:00
db: NVD, id: CVE-2016-9337, date: 2017-02-13T21:59:01.610