PatchSiren cyber security CVE debrief
CVE-2024-12054 ZF CVE debrief
CVE-2024-12054 is a medium-severity authentication bypass vulnerability in ZF's RSSPlus 2M Roll Stability Support Plus system, published by CISA on January 21, 2025. The vulnerability stems from deterministic SecurityAccess service seeds that allow attackers to predict authentication tokens and remotely invoke diagnostic functions intended only for workshop or repair scenarios. Attack vectors include proximal/adjacent RF equipment or pivoting through J2497 telematics devices. Successful exploitation can degrade system performance or erase software, though the vehicle remains in a safe state. The affected product covers builds from January 2008 through January 2023. CISA's advisory provides extensive mitigation guidance including migrating away from J2497 powerline communication, implementing modern authentication protocols (0x29), deploying hardware true random number generators, and specific NMFTA-recommended countermeasures such as LAMP ON firewalls, RF chokes, and dynamic address changes.
- Vendor: ZF
- Product: RSSPlus 2M
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-01-21
- Original CVE updated: 2025-01-21
- Advisory published: 2025-01-21
- Advisory updated: 2025-01-21
Who should care
Fleet operators, heavy vehicle maintenance providers, telematics integrators, and automotive security engineers responsible for J2497-based trailer-tractor communication systems.
Technical summary
The RSSPlus 2M system uses predictable SecurityAccess seeds, which lets an attacker calculate the corresponding keys without legitimate credentials. This weakness in the system's use of the UDS (Unified Diagnostic Services) protocol allows unauthorized diagnostic sessions to be established. Attackers with RF equipment in proximity to the vehicle, or with access to the J2497 bus, can invoke workshop-level functions including software erasure. The vulnerability affects builds spanning 2008-2023, indicating long-standing use of weak cryptographic primitives in vehicle stability control systems.
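A validation engineer can check an ECU for this class of weakness by auditing the seeds it returns to SecurityAccess requestSeed requests. The following is an added example, not code from the CISA advisory or from ZF; the trace line format, the 4-byte seed length, and all sample values are constructed assumptions.

```python
from collections import defaultdict
# Constructed trace: "<power_cycle> <UDS payload as hex bytes>" per line.
# The line format and every value below are assumptions for this example.
SAMPLE_TRACE = """\
1 27 01
1 67 01 3A 91 C4 07
1 27 02 11 22 33 44
2 27 01
2 67 01 3A 91 C4 07
3 27 01
3 67 01 5E 02 B8 F1
3 27 01
3 67 01 5E 02 B8 F1
4 27 01
4 67 01 00 00 00 00
"""

POSITIVE_SECURITY_ACCESS = 0x67  # SecurityAccess SID 0x27 + 0x40


def extract_seeds(trace):
    """Return (power_cycle, level, seed) for each requestSeed response."""
    seeds = []
    for line in trace.splitlines():
        fields = line.split()
        if len(fields) < 4:  # need cycle, SID, sub-function, >= 1 seed byte
            continue
        cycle = int(fields[0])
        payload = bytes(int(b, 16) for b in fields[1:])
        # Odd sub-function = requestSeed response; even = sendKey response.
        if payload[0] != POSITIVE_SECURITY_ACCESS or payload[1] % 2 == 0:
            continue
        seed = payload[2:]
        if any(seed):  # an all-zero seed means the level is already unlocked
            seeds.append((cycle, payload[1], seed))
    return seeds


def audit_seeds(trace):
    """Return (level, seed_hex, scope, cycles) for every seed issued twice."""
    seen = defaultdict(list)
    for cycle, level, seed in extract_seeds(trace):
        seen[(level, seed)].append(cycle)
    findings = []
    for (level, seed), cycles in seen.items():
        if len(cycles) > 1:
            scope = "across power cycles" if len(set(cycles)) > 1 else "within one power cycle"
            findings.append((level, seed.hex(), scope, cycles))
    return findings
```

With properly random seeds a repeat in a short capture is vanishingly unlikely, so any repeat across power cycles warrants investigation. A repeat within one power cycle can also be an ECU re-issuing a pending seed before any sendKey, so confirm against the request sequence.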
Defensive priority
medium
Recommended defensive actions
- Disable non-essential J2497 powerline communication features on trucks, trailers, and tractors; retain only LAMP ON detection for backwards compatibility
- Migrate trailer diagnostics to modern trailer bus technology when acquiring new equipment
- Remove J2497 message reception support on new tractors except for LAMP messages
- Replace SecurityAccess authentication with authenticate service (0x29) per latest UDS security specifications
- Implement cryptographically secure hardware true random number generators for seed generation
- Deploy LAMP ON firewalls on each ECU to filter unauthorized diagnostic traffic
- Install LAMP detect circuits with LAMP ON senders on each trailer
- Configure dynamic address changes on tractors when transmitters are detected on current addresses
Evidence notes
The vulnerability description and affected product range are derived directly from CISA's CSAF-formatted advisory. CVSS 3.1 vector AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H confirms adjacent network attack vector with high attack complexity. The deterministic seed weakness is explicitly documented in the source advisory.
Official resources
- CVE-2024-12054 CVE record (CVE.org)
- CVE-2024-12054 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA published advisory ICSA-25-021-03 on January 21, 2025, disclosing this vulnerability with coordinated vendor involvement.