Details of VAR-201708-1418

ID

VAR-201708-1418

CVE

CVE-2017-9633

TITLE

Continental TCU Remote code execution vulnerability

Trust: 0.8

sources: IVD: e123af2d-e7c8-4ada-9bd8-bf07c0f405d8 // CNVD: CNVD-2017-18627

DESCRIPTION

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU. BMW , Ford , Infiniti ,and Nissan On multiple models of Continental AG Infineon S-Gold 2 (PMB 8876) The chipset contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The TCU is a 2G modem commonly used in modern cars produced by Continental AG to transmit data between cars and remote management tools such as web panels and mobile applications. Continental AG Infineon S-Gold 2 (PMB 8876) is prone to a remote code-execution vulnerability and a stack-based buffer-overflow vulnerability; fixes are available. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 2.61

sources: NVD: CVE-2017-9633 // JVNDB: JVNDB-2017-007277 // CNVD: CNVD-2017-18627 // BID: 100132 // IVD: e123af2d-e7c8-4ada-9bd8-bf07c0f405d8

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e123af2d-e7c8-4ada-9bd8-bf07c0f405d8 // CNVD: CNVD-2017-18627

AFFECTED PRODUCTS

vendor:	infineon	model:	s-gold 2 pmb 8876	scope:	eq	version:	-	Trust: 1.6
vendor:	infineon	model:	s-gold 2	scope:	-	version:	-	Trust: 0.8
vendor:	nissan	model:	leaf	scope:	eq	version:	2011-2015	Trust: 0.6
vendor:	infiniti	model:	jx3	scope:	eq	version:	2013	Trust: 0.6
vendor:	infiniti	model:	qx60	scope:	eq	version:	2014-2016	Trust: 0.6
vendor:	infiniti	model:	qx60 hybrid	scope:	eq	version:	2014-2016	Trust: 0.6
vendor:	infiniti	model:	qx50	scope:	eq	version:	2014-2015	Trust: 0.6
vendor:	infiniti	model:	qx50 hybrid	scope:	eq	version:	2014-2015	Trust: 0.6
vendor:	infiniti	model:	m37/m56	scope:	eq	version:	2013	Trust: 0.6
vendor:	infiniti	model:	q70	scope:	eq	version:	2014-2016	Trust: 0.6
vendor:	infiniti	model:	q70l	scope:	eq	version:	2014-2016	Trust: 0.6
vendor:	infiniti	model:	q70 hybrid	scope:	eq	version:	2015-2016	Trust: 0.6
vendor:	infiniti	model:	qx56	scope:	eq	version:	2013	Trust: 0.6
vendor:	infiniti	model:	qx	scope:	eq	version:	2014-201680	Trust: 0.6
vendor:	bmw	model:	produced between	scope:	eq	version:	2009-2010	Trust: 0.6
vendor:	ford	model:	p-hev	scope:	-	version:	-	Trust: 0.6
vendor:	continental	model:	ag nissan leaf	scope:	eq	version:	2011-20150	Trust: 0.3
vendor:	continental	model:	ag infiniti q70 hybrid	scope:	eq	version:	2015-20160	Trust: 0.3
vendor:	continental	model:	ag infiniti qx60 hybrid	scope:	eq	version:	2014-20160	Trust: 0.3
vendor:	continental	model:	ag infiniti qx60	scope:	eq	version:	2014-20160	Trust: 0.3
vendor:	continental	model:	ag infiniti qx	scope:	eq	version:	2014-2016800	Trust: 0.3
vendor:	continental	model:	ag infiniti q70l	scope:	eq	version:	2014-20160	Trust: 0.3
vendor:	continental	model:	ag infiniti q70	scope:	eq	version:	2014-20160	Trust: 0.3
vendor:	continental	model:	ag infiniti qx50 hybrid	scope:	eq	version:	2014-20150	Trust: 0.3
vendor:	continental	model:	ag infiniti qx50	scope:	eq	version:	2014-20150	Trust: 0.3
vendor:	continental	model:	ag infiniti qx56	scope:	eq	version:	20130	Trust: 0.3
vendor:	continental	model:	ag infiniti m37/m56	scope:	eq	version:	20130	Trust: 0.3
vendor:	continental	model:	ag infiniti jx35	scope:	eq	version:	20130	Trust: 0.3
vendor:	continental	model:	ag infineon s-gold (pmb	scope:	eq	version:	28876)0	Trust: 0.3
vendor:	s gold 2 pmb 8876	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: e123af2d-e7c8-4ada-9bd8-bf07c0f405d8 // CNVD: CNVD-2017-18627 // BID: 100132 // JVNDB: JVNDB-2017-007277 // CNNVD: CNNVD-201706-875 // NVD: CVE-2017-9633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9633
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2017-9633
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-9633
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-18627
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201706-875
value:	HIGH
Trust: 0.6
IVD:	e123af2d-e7c8-4ada-9bd8-bf07c0f405d8
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2017-9633
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-18627
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e123af2d-e7c8-4ada-9bd8-bf07c0f405d8
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-9633
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2017-9633
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: IVD: e123af2d-e7c8-4ada-9bd8-bf07c0f405d8 // CNVD: CNVD-2017-18627 // JVNDB: JVNDB-2017-007277 // CNNVD: CNNVD-201706-875 // NVD: CVE-2017-9633 // NVD: CVE-2017-9633

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-007277 // NVD: CVE-2017-9633

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201706-875

TYPE

Buffer error

Trust: 0.8

sources: IVD: e123af2d-e7c8-4ada-9bd8-bf07c0f405d8 // CNNVD: CNNVD-201706-875

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007277

PATCH

title:

トップページ

url:

https://www.infineon.com/cms/jp/

Trust: 0.8

sources: JVNDB: JVNDB-2017-007277

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9633	Trust: 3.5
db:	ICS CERT	id:	ICSA-17-208-01	Trust: 3.3
db:	BID	id:	100132	Trust: 1.9
db:	CNVD	id:	CNVD-2017-18627	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-875	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-007277	Trust: 0.8
db:	IVD	id:	E123AF2D-E7C8-4ADA-9BD8-BF07C0F405D8	Trust: 0.2

sources: IVD: e123af2d-e7c8-4ada-9bd8-bf07c0f405d8 // CNVD: CNVD-2017-18627 // BID: 100132 // JVNDB: JVNDB-2017-007277 // CNNVD: CNNVD-201706-875 // NVD: CVE-2017-9633

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-208-01	Trust: 3.3
url:	http://www.securityfocus.com/bid/100132	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9633	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9633	Trust: 0.8
url:	http://securityaffairs.co/wordpress/61587/hacking/tcus-car-hacking.html	Trust: 0.6
url:	https://media.defcon.org/def%20con%2025/def%20con%2025%20presentations/defcon-25-jesse-michael-and-mickey-shkatov-driving-down-the-rabbit-hole.pdf	Trust: 0.6
url:	https://www.continental-corporation.com/en	Trust: 0.3

sources: CNVD: CNVD-2017-18627 // BID: 100132 // JVNDB: JVNDB-2017-007277 // CNNVD: CNNVD-201706-875 // NVD: CVE-2017-9633

CREDITS

Mickey Shkatov, Jesse Michael, and Oleksandr Bazhaniuk

Trust: 0.3

sources: BID: 100132

SOURCES

db:	IVD	id:	e123af2d-e7c8-4ada-9bd8-bf07c0f405d8
db:	CNVD	id:	CNVD-2017-18627
db:	BID	id:	100132
db:	JVNDB	id:	JVNDB-2017-007277
db:	CNNVD	id:	CNNVD-201706-875
db:	NVD	id:	CVE-2017-9633

LAST UPDATE DATE

2025-05-07T23:18:08.668000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-18627	date:	2017-08-03T00:00:00
db:	BID	id:	100132	date:	2017-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-007277	date:	2017-09-15T00:00:00
db:	CNNVD	id:	CNNVD-201706-875	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-9633	date:	2025-05-06T15:15:52.377

SOURCES RELEASE DATE

db:	IVD	id:	e123af2d-e7c8-4ada-9bd8-bf07c0f405d8	date:	2017-08-03T00:00:00
db:	CNVD	id:	CNVD-2017-18627	date:	2017-08-03T00:00:00
db:	BID	id:	100132	date:	2017-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-007277	date:	2017-09-15T00:00:00
db:	CNNVD	id:	CNNVD-201706-875	date:	2017-06-21T00:00:00
db:	NVD	id:	CVE-2017-9633	date:	2017-08-07T08:29:00.447