Ben Gardiner

**Name of the Vulnerable Software and Affected Versions** ZF Roll Stability Support Plus (RSSPlus) (affected versions not specified) **Description** The issue is related to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds. This may allow an attacker to remotely call diagnostic functions intended for workshop or repair scenarios, potentially impacting system availability and degrading performance or erasing software. However, the vehicle remains in a safe state. The attack can be performed remotely with RF equipment or via a pivot from J2497 telematics devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Power Line Communications PLC4TRUCKS J2497 trailer brake controllers (affected versions not specified) **Description** The issue concerns the lack of authentication or authorization for diagnostic functions in the Power Line Communications PLC4TRUCKS J2497 trailer brake controllers. These functions can be invoked by replaying J2497 messages, potentially allowing unauthorized access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PLC4TRUCKS J2497 trailer receivers (affected versions not specified) **Description** The issue concerns Power Line Communications PLC4TRUCKS J2497 trailer receivers, which are susceptible to remote RF induced signals. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.