ID

VAR-201907-0427


CVE

CVE-2019-12797


TITLE

Vulnerability related to the use of hard-coded credentials in ELM327 OBD2 Bluetooth devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-007433

DESCRIPTION

A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle. The ELM327 OBD2 Bluetooth device contains a vulnerability related to the use of hard-coded credentials. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Elm Electronics ELM327 OBD2 Bluetooth is a Bluetooth device from Elm Electronics (Canada) for scanning and reading vehicle codes. A trust management vulnerability exists in the Elm Electronics ELM327 OBD2 Bluetooth device. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords, hard-coded passwords, hard-coded certificates, etc. to attack affected components.

Trust: 1.8

sources: NVD: CVE-2019-12797 // JVNDB: JVNDB-2019-007433 // VULHUB: VHN-144579 // VULMON: CVE-2019-12797

IOT TAXONOMY

category: ['vehicle device'], sub_category: vehicle

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: elmelectronics, model: elm27, scope: eq, version: -

Trust: 1.0

vendor: elm, model: elm327, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007433 // NVD: CVE-2019-12797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12797
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-12797
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201907-1633
value: CRITICAL

Trust: 0.6

VULHUB: VHN-144579
value: HIGH

Trust: 0.1

VULMON: CVE-2019-12797
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12797
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-144579
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12797
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-12797
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144579 // VULMON: CVE-2019-12797 // JVNDB: JVNDB-2019-007433 // CNNVD: CNNVD-201907-1633 // NVD: CVE-2019-12797

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.9

sources: VULHUB: VHN-144579 // JVNDB: JVNDB-2019-007433 // NVD: CVE-2019-12797

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1633

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-1633

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007433

PATCH

title: Top Page, url: https://www.elmelectronics.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-007433

EXTERNAL IDS

db: NVD, id: CVE-2019-12797

Trust: 2.7

db: JVNDB, id: JVNDB-2019-007433

Trust: 0.8

db: CNNVD, id: CNNVD-201907-1633

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-144579

Trust: 0.1

db: VULMON, id: CVE-2019-12797

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-144579 // VULMON: CVE-2019-12797 // JVNDB: JVNDB-2019-007433 // CNNVD: CNNVD-201907-1633 // NVD: CVE-2019-12797

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-12797

Trust: 1.4

url:https://www.kth.se/polopoly_fs/1.914063.1561621564!/marstorp%20%26%20lindstrom%2c%20security%20testing%20of%20an%20obd-ii%20connected%20iot%20device.pdf

Trust: 1.4

url:https://www.kth.se/polopoly_fs/1.914060.1561621279%21/ludvig%20and%20daniel_final_dongles.pdf

Trust: 1.1

url:https://www.kth.se/polopoly_fs/1.917488.1564430206%21/elm327.pdf

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12797

Trust: 0.8

url:https://www.kth.se/polopoly_fs/1.914060.1561621279!/ludvig%20and%20daniel_final_dongles.pdf

Trust: 0.7

url:https://www.kth.se/polopoly_fs/1.917488.1564430206!/elm327.pdf

Trust: 0.7

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-144579 // VULMON: CVE-2019-12797 // JVNDB: JVNDB-2019-007433 // CNNVD: CNNVD-201907-1633 // NVD: CVE-2019-12797

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-144579
db: VULMON, id: CVE-2019-12797
db: JVNDB, id: JVNDB-2019-007433
db: CNNVD, id: CNNVD-201907-1633
db: NVD, id: CVE-2019-12797

LAST UPDATE DATE

2025-01-30T21:05:43.068000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144579, date: 2023-03-03T00:00:00
db: VULMON, id: CVE-2019-12797, date: 2019-08-22T00:00:00
db: JVNDB, id: JVNDB-2019-007433, date: 2019-08-09T00:00:00
db: CNNVD, id: CNNVD-201907-1633, date: 2019-08-23T00:00:00
db: NVD, id: CVE-2019-12797, date: 2024-11-21T04:23:35.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144579, date: 2019-07-31T00:00:00
db: VULMON, id: CVE-2019-12797, date: 2019-07-31T00:00:00
db: JVNDB, id: JVNDB-2019-007433, date: 2019-08-09T00:00:00
db: CNNVD, id: CNNVD-201907-1633, date: 2019-07-31T00:00:00
db: NVD, id: CVE-2019-12797, date: 2019-07-31T19:15:15.823