Tesla hacks make big bank at Pwn2Own's first automotive-focused event
Five $60,000 bounties - the second-highest monetary awards behind Synacktiv's $100k Tesla hacks - were awarded for attacks on EV chargers manufactured by Emporia, ChargePoint, Ubiquiti, Phoenix and JuiceBox.
Three attacks against Automotive Grade Linux were also attempted, with only one succeeding.
CVSS 10.0 - Multiple CVEs: MachineSense FeverWarn temperature checking kiosks contain hard-coded credentials, missing authentication and improper access control, which could be exploited to give an attacker control over devices.
CVSS 9.8 - Multiple CVEs: Voltronic Power ViewPower Pro UPS management software version 2.0-22165 contains a series of vulnerabilities that could allow an attacker to trigger DoS, steal admin credentials and execute remote code.
CVSS 8.8 - CVE-2022-44037: APsystems ECU-C power control software contains an improper access control bug that could give an attacker full admin access without authenticating.
CVSS 8.0 - Multiple CVEs: Westermo Lynx 206-F2G layer three industrial Ethernet switches running firmware 4.24 contain a series of vulnerabilities that an attacker could use to inject code, execute commands and the like.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/29/infosec_news_roundup_in_brief/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-29 | CVE-2022-44037 | Unspecified vulnerability in Apsystems Ecu-C Firmware. An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating, which allows them to perform multiple attacks, such as attacking wireless networks in the product's range. Low complexity; apsystems | 8.8 |