CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 1CVE-2020-29440
https://notcve.org/view.php?id=CVE-2020-29440
30 Nov 2020 — Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob. Los vehículos Tesla Model X anterior al 23-11-2020 no realizan la comprobación del certificado durante un intento de emparejar un nuevo llavero con el módulo de control de carrocería (BCM). Esto permi... • https://www.wired.com/story/tesla-model-x-hack-bluetooth • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15912
https://notcve.org/view.php?id=CVE-2020-15912
23 Jul 2020 — Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue **EN DISPUTA** Los vehículos Tesla Model 3, permiten a atacantes abrir una puerta al aprovechar el acceso a una tarjeta de acceso legítima y luego usar el NFC Relay. NOTA: el proveedor ha desarrollado Pin2Drive para mitigar este problema • https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 4CVE-2020-10558
https://notcve.org/view.php?id=CVE-2020-10558
20 Mar 2020 — The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. La interfaz de manejo de Tesla Model 3 en cualquier versión anterior a 2020.4.10, permite que se presente una Denegación de Servicio debido a una sep... • https://github.com/nullze/CVE-2020-10558 •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2019-9977
https://notcve.org/view.php?id=CVE-2019-9977
24 Mar 2019 — The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants. El proceso renderer en el sistema de entretenimiento en los vehículos de Tesla modelo 3 gestiona de manera incorrecta la compilación JIT, lo que permite que los atacantes desencadenen la ejecución de código del firmware y muestren un mensaje manipulado a los ocupantes del vehículo. • http://www.securityfocus.com/bid/107551 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9337
https://notcve.org/view.php?id=CVE-2016-9337
13 Feb 2017 — An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection. Ha sido descubierto un problema en Tesla Motors Model S automobile, todas las versiones de firmware anteriores a la versión 7.1 (2.36.31) con funcionalidad de navega... • http://www.securityfocus.com/bid/94697 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •