CVE-2024-12054

ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness

Description

ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely (proximal/adjacent with RF equipment or via pivot from J2497 telematics devices) call diagnostic functions intended for workshop or repair scenarios. This can impact system availability, potentially degrading performance or erasing software, however the vehicle remains in a safe vehicle state.

Remediation

Workaround:

  • To most effectively mitigate general vulnerabilities of the powerline communication, any trucks, trailers, and tractors utilizing J2497 technology should disable all features where possible, except for backwards-compatibility with LAMP ON detection only. Users acquiring new trailer equipment should migrate all diagnostics to newer trailer bus technology. Users acquiring new tractor equipment should remove support for reception of any J2497 message other than LAMP messages.
  • ZF recommends: * Moving away from security access and implementing the latest security feature authenticate (0x29).  * Ensure random numbers are generated from a cryptographically secure hardware true random number generator.  * Adopting modern standards/protocols for truck trailer communication.
  • NMFTA has published detailed information about how to mitigate these issues in the following ways: * Install a LAMP ON firewall for each ECU.  * Use a LAMP detect circuit LAMP ON sender with each trailer.  * Change addresses dynamically on each tractor in response to detecting a transmitter on its current address.  * Install RF chokes on each trailer between chassis ground and wiring ground.  * Load with LAMP keyhole signal on each tractor.  * Flood with jamming signal on each tractor.  Please visit NMFTA https://nmfta.org/wp-content/media/2022/11/Actionable_Mitigations_Options_v9_DIST.pdf for additional details on these and other solutions.

Category

5.9
CVSS
Severity: Medium
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.05%
Affected: ZF RSSPlus 2M
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-03
https://nmfta.org/wp-content/media/2022/11/Actionable_Mitigations_Options_v9_DIST.pdf

Frequently Asked Questions

What is the severity of CVE-2024-12054?
CVE-2024-12054 has been scored as a medium severity vulnerability.
How to fix CVE-2024-12054?
As a workaround for remediating CVE-2024-12054: To most effectively mitigate general vulnerabilities of the powerline communication, any trucks, trailers, and tractors utilizing J2497 technology should disable all features where possible, except for backwards-compatibility with LAMP ON detection only. Users acquiring new trailer equipment should migrate all diagnostics to newer trailer bus technology. Users acquiring new tractor equipment should remove support for reception of any J2497 message other than LAMP messages.
Is CVE-2024-12054 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-12054 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-12054?
CVE-2024-12054 affects ZF RSSPlus 2M.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.