Vulnerabilities > CVE-2022-3093 - Unspecified vulnerability in Tesla products

CVSS 6.4 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

high complexity

tesla

NVD

Published: 2023-03-29

Updated: 2024-11-21

Summary

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.

Vulnerable Configurations

Part	Description	Count
OS	Tesla Tesla Model 3 Firmware - Tesla Model 3 Firmware 11.0 Tesla Model 3 Firmware 2022-03-26 Tesla Model S Firmware - Tesla Model S Firmware 2022-03-26 Tesla Model X Firmware - Tesla Model X Firmware 2020-11-23 Tesla Model X Firmware 2022-03-26 Tesla Model Y Firmware *	9
Hardware	Tesla Tesla Model 3 - Tesla Model S - Tesla Model X - Tesla Model Y -	4

Summary

Vulnerable Configurations

References