PT-2024-34514 · Kia · Kia Seltos

Nitinronge91 · Published 2024-11-22 · Updated 2025-01-10

CVE-2024-51072
CVSS v3.1: 5.3 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
KIA Seltos vehicle instrument cluster software version 1.0
KIA Seltos vehicle instrument cluster hardware version 1.0
Description: The issue allows an attacker with access to the vehicle's diagnostic bus (the CVSS vector is AV:P, physical) to cause a Denial of Service (DoS) of the instrument cluster via the UDS ECUReset service (SID 0x11). The cluster honours the reset request without SecurityAccess, so anyone who can put a frame on the diagnostic bus can reboot the cluster, and can do so repeatedly. It is noted that the findings came from a potentially unrealistic test environment and that the ECUReset specification (ISO 14229-1) does not allow a manufacturer to require SecurityAccess (0x27) or Authentication (0x29) before ECUReset.
Recommendations: For KIA Seltos vehicle instrument cluster software version 1.0, consider disabling the ECUReset UDS service (SID 0x11) on the cluster as a temporary workaround until a patch is available; note that this also breaks legitimate service-tool workflows that reset the ECU after reprogramming, so it is a stopgap, not a fix. For KIA Seltos vehicle instrument cluster hardware version 1.0, restrict access to the ECUReset functionality to minimize the risk of exploitation: honour 0x11 only in a non-default diagnostic session (DiagnosticSessionControl 0x10, sub-function 0x02 or 0x03), answer with a negative response (0x7F 0x11 0x22, conditionsNotCorrect) while the vehicle is moving, and rate-limit repeated reset requests so the cluster cannot be kept in a reboot loop. Whether SecurityAccess (0x27) may additionally gate ECUReset is the point noted as contested in the description.
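The following is an added example, not code from the advisory, from Kia, or from the reporter. It shows the two ECUReset behaviours discussed above side by side: an unrestricted handler that reboots on any 0x11 request (the behaviour the description attributes to the cluster) and a hardened handler that applies the session, security and vehicle-state gates from the recommendations, returning the ISO 14229-1 negative response codes a tester would see. It also includes a small candump-style monitor for spotting ECUReset requests on the bus. Assumptions: classic CAN with ISO-TP single frames only, and the constructed request/response IDs 0x7E0/0x7E8 (the cluster's real IDs are not on this page); the SecurityAccess gate is a policy choice of the example, since the description notes that requiring it for ECUReset is contested.

```python
# Added example (not from the advisory, Kia, or the reporter): UDS ECUReset
# (SID 0x11) handled unrestricted vs. hardened, plus a candump-style monitor.
# Assumptions: classic CAN, ISO-TP single frames only, constructed IDs 0x7E0/0x7E8.
from dataclasses import dataclass

SID_SESSION_CONTROL = 0x10     # DiagnosticSessionControl
SID_ECU_RESET = 0x11           # ECUReset
SESSION_DEFAULT, SESSION_PROGRAMMING, SESSION_EXTENDED = 0x01, 0x02, 0x03
RESET_SUBFUNCTIONS = {0x01: "hardReset", 0x02: "keyOffOnReset", 0x03: "softReset"}

# Negative response codes used below (ISO 14229-1 names)
NRC_SUB_FUNCTION_NOT_SUPPORTED = 0x12
NRC_INCORRECT_LENGTH = 0x13
NRC_CONDITIONS_NOT_CORRECT = 0x22
NRC_SECURITY_ACCESS_DENIED = 0x33
NRC_SERVICE_NOT_SUPPORTED_IN_SESSION = 0x7F


@dataclass
class EcuState:
    session: int = SESSION_DEFAULT
    security_unlocked: bool = False   # set after a successful SecurityAccess (0x27)
    vehicle_speed_kph: float = 0.0
    reset_count: int = 0              # how many times the cluster actually rebooted


def isotp_single_frame_payload(data: bytes) -> bytes:
    """Strip the ISO-TP single-frame PCI byte (0x0N, N = payload length)."""
    if not data or data[0] >> 4 != 0:
        raise ValueError("not an ISO-TP single frame")
    length = data[0] & 0x0F
    if length == 0 or length > len(data) - 1:
        raise ValueError("bad single-frame length")
    return bytes(data[1:1 + length])


def negative_response(sid: int, nrc: int) -> bytes:
    return bytes([0x7F, sid, nrc])


def handle_ecu_reset_unrestricted(state: EcuState, payload: bytes) -> bytes:
    """Behaviour the advisory describes: any 0x11 on the bus reboots the cluster."""
    state.reset_count += 1
    return bytes([SID_ECU_RESET + 0x40, payload[1]])


def handle_ecu_reset_hardened(state: EcuState, payload: bytes) -> bytes:
    """Policy checks before honouring 0x11. The SecurityAccess gate is a choice of
    this example; whether a manufacturer may require it is the contested point."""
    if len(payload) != 2:
        return negative_response(SID_ECU_RESET, NRC_INCORRECT_LENGTH)
    sub = payload[1] & 0x7F                 # bit 7 = suppressPosRspMsgIndication
    suppress_positive = bool(payload[1] & 0x80)
    if sub not in RESET_SUBFUNCTIONS:
        return negative_response(SID_ECU_RESET, NRC_SUB_FUNCTION_NOT_SUPPORTED)
    if state.session == SESSION_DEFAULT:
        return negative_response(SID_ECU_RESET, NRC_SERVICE_NOT_SUPPORTED_IN_SESSION)
    if not state.security_unlocked:
        return negative_response(SID_ECU_RESET, NRC_SECURITY_ACCESS_DENIED)
    if state.vehicle_speed_kph > 0:         # never reboot the cluster while moving
        return negative_response(SID_ECU_RESET, NRC_CONDITIONS_NOT_CORRECT)
    state.reset_count += 1
    return b"" if suppress_positive else bytes([SID_ECU_RESET + 0x40, sub])


def find_ecu_reset_requests(candump_lines, request_id=0x7E0):
    """Scan candump -L style lines; return (timestamp, CAN ID, sub-function)
    for every ISO-TP single frame carrying an ECUReset request."""
    hits = []
    for line in candump_lines:
        try:
            ts, _iface, frame = line.split()
            can_id, data_hex = frame.split("#")
            if int(can_id, 16) != request_id:
                continue
            payload = isotp_single_frame_payload(bytes.fromhex(data_hex))
        except ValueError:
            continue
        if len(payload) >= 2 and payload[0] == SID_ECU_RESET:
            hits.append((float(ts.strip("()")), int(can_id, 16), payload[1] & 0x7F))
    return hits


# Constructed sample traffic (not a capture from a Kia Seltos): a tester in the
# default session spraying hardReset requests at the cluster's request ID.
SAMPLE_CANDUMP = [
    "(1700000000.000100) can0 7E0#021101AAAAAAAAAA",
    "(1700000000.000900) can0 7E8#025101AAAAAAAAAA",   # positive response, not a request
    "(1700000000.050200) can0 7E0#021101AAAAAAAAAA",
    "(1700000000.100300) can0 7E0#021083AAAAAAAAAA",   # session control, not a reset
    "(1700000000.150400) can0 7E0#021181AAAAAAAAAA",   # hardReset with suppress bit set
    "(1700000000.200500) can0 5A0#0102030405060708",   # unrelated frame
]


def demo():
    """Drive both handlers with the same hostile request and report the outcome."""
    request = isotp_single_frame_payload(bytes.fromhex("021101AAAAAAAAAA"))
    weak, strong = EcuState(), EcuState()
    weak_rsp = handle_ecu_reset_unrestricted(weak, request)
    denied_rsp = handle_ecu_reset_hardened(strong, request)
    resets_while_denied = strong.reset_count
    # Same request once the tester has satisfied the policy.
    strong.session, strong.security_unlocked = SESSION_EXTENDED, True
    allowed_rsp = handle_ecu_reset_hardened(strong, request)
    return {
        "weak_response": weak_rsp.hex(), "weak_resets": weak.reset_count,
        "denied_response": denied_rsp.hex(), "resets_while_denied": resets_while_denied,
        "allowed_response": allowed_rsp.hex(), "resets_after_unlock": strong.reset_count,
        "reset_requests_seen": len(find_ecu_reset_requests(SAMPLE_CANDUMP)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run the file to see the unrestricted handler answer `5101` and reboot immediately, while the hardened one answers `7f117f` (serviceNotSupportedInActiveSession) until the tester moves to an extended session and unlocks the ECU; the monitor counts three ECUReset requests in the sample, including the one with the suppress-positive-response bit set, which a naive filter on the raw sub-function byte would miss.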

Weakness Enumeration: Origin Validation Error (CWE-346)

Related Identifiers: CVE-2024-51072

Affected Products: Kia Seltos