NVD Vulnerability Detail

CVE-2017-9647

Summary	A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU.
Publication Date	Aug. 7, 2017, 5:29 p.m.
Registration Date	Jan. 26, 2021, 1:31 p.m.
Last Update	Nov. 21, 2024, 12:36 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:h:infineon:s-gold_2_pmb_8876:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/100132	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/100132	Third Party Advisory VDB Entry
3	https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01	Third Party Advisory US Government Resource
4	https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01	Third Party Advisory US Government Resource

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

複数の自動車に搭載されている Continental AG Infineon S-Gold 2 チップセットにおけるバッファエラーの脆弱性

Title	複数の自動車に搭載されている Continental AG Infineon S-Gold 2 チップセットにおけるバッファエラーの脆弱性
Summary	BMW、Ford、Infiniti、および Nissan の複数のモデルに搭載されている Continental AG Infineon S-Gold 2 (PMB 8876) チップセットには、バッファエラーの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	July 27, 2017, midnight
Registration Date	Sept. 15, 2017, 3:40 p.m.
Last Update	Sept. 15, 2017, 3:40 p.m.

Affected System

Infineon Technologies AG

Infineon S-Gold 2 (PMB 8876)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-9647	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9647
National Vulnerability Database (NVD)
2	CVE-2017-9647	https://nvd.nist.gov/vuln/detail/CVE-2017-9647

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Infineon
1	トップページ	https://www.infineon.com/cms/jp/

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-17-208-01	https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01

Change Log

No	Changed Details	Date of change
0	[2017年09月15日] 掲載	Feb. 17, 2018, 10:37 a.m.