ByteOS Network

NVD Vulnerability Details :

CVE-2017-9647

Deferred

Source-ics-cert@hq.dhs.gov

Published At-07 Aug, 2017 | 08:29

Updated At-20 Apr, 2025 | 01:37

A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	6.6	MEDIUM	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

infineon>>s-gold_2_pmb_8876>>-

cpe:2.3:h:infineon:s-gold_2_pmb_8876:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-121	Secondary	ics-cert@hq.dhs.gov
CWE-119	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/100132	ics-cert@hq.dhs.gov	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01	ics-cert@hq.dhs.gov	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/100132	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory US Government Resource

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History