CVSS: 7.6EPSS: 0%CPEs: 8EXPL: 0CVE-2022-3093 – Tesla ice_updater Time-Of-Check Time-Of-Use Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-3093
This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-1188 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2022-27948
https://notcve.org/view.php?id=CVE-2022-27948
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended Determinados vehículos Tesla versiones hasta 26-03-2022, permiten a atacantes abrir el puerto de carga por medio de una señal de RF de 315 MHz que contiene una secuencia fija de aproximadamente cien símbolos • https://github.com/pompel123/Tesla-Charging-Port-Opener https://twitter.com/IfNotPike/status/1507818836568858631 https://twitter.com/IfNotPike/status/1507852693699661827 • CWE-862: Missing Authorization •