CVE-2024-51074: n/a
Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. NOTE: this is disputed by the supplier because the CAN bus is not externally exposed, and because the packets can only increase the odometer reading (which typically has no value to an adversary). Also, this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the observed behavior follows the UDS (Unified Diagnostic Services) specification.
AI Analysis
Technical Summary
CVE-2024-51074 identifies an incorrect access control vulnerability in the instrument cluster of the KIA Seltos vehicle, specifically in software and hardware version 1.0. The instrument cluster interfaces with the vehicle's CAN (Controller Area Network) bus, which is used for communication between various electronic control units (ECUs). The vulnerability allows an attacker with access to the CAN network to send crafted messages that arbitrarily increase the odometer reading. This is possible because the instrument cluster does not properly restrict access to the odometer value modification commands. However, the supplier disputes the practical impact, arguing that the CAN bus is not exposed externally, limiting attack vectors to physical or highly privileged access scenarios. Furthermore, the odometer can only be incremented, not decremented, which reduces the potential for fraud or manipulation. The test environment used to discover this issue was an isolated ECU, not a fully integrated vehicle, which may not reflect real-world conditions. The observed behavior is consistent with the Unified Diagnostic Services (UDS) protocol, which defines diagnostic communication in vehicles. The CVSS 3.1 score of 6.7 reflects a medium severity, with attack vector classified as physical access (AV:P), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C) affecting confidentiality, integrity, and availability to varying degrees. No patches or exploits are currently reported.
Potential Impact
The primary impact of this vulnerability is the potential manipulation of the vehicle's odometer reading, which can affect vehicle resale value, warranty claims, and maintenance records. While the ability to only increase the odometer limits some fraudulent uses, it still undermines trust in vehicle data integrity. There is no direct impact on vehicle safety or operational control, so the risk to driver safety or vehicle availability is low. However, organizations involved in vehicle fleet management, resale, or leasing could face financial and reputational risks if odometer tampering occurs undetected. The requirement for physical or CAN network access limits the scope of exploitation, reducing the likelihood of widespread attacks. The lack of known exploits in the wild further reduces immediate risk, but the vulnerability highlights potential weaknesses in vehicle network security and access controls that could be exploited in more complex attack scenarios.
Mitigation Recommendations
To mitigate this vulnerability, organizations and vehicle owners should ensure that physical access to the vehicle's CAN bus is strictly controlled and monitored. Automotive service centers and fleet operators should implement secure diagnostic procedures that restrict unauthorized access to the instrument cluster and CAN network. Manufacturers should consider firmware updates that enforce stricter access controls on odometer modification commands, including authentication and integrity checks aligned with the UDS protocol. Deployment of intrusion detection systems (IDS) for in-vehicle networks can help detect anomalous CAN messages indicative of tampering attempts. Additionally, integrating cryptographic protections and secure boot mechanisms in ECUs can prevent unauthorized firmware or message injection. Regular audits and inspections of vehicle instrument clusters and odometer readings can help detect inconsistencies early. Collaboration with suppliers to validate test environments and ensure realistic security assessments is also recommended to avoid false positives or underestimations of risk.
Affected Countries
South Korea, United States, India, United Kingdom, Germany, Canada, Australia, United Arab Emirates
CVE-2024-51074: n/a
Description
Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. NOTE: this is disputed by the supplier because the CAN bus is not externally exposed, and because the packets can only increase the odometer reading (which typically has no value to an adversary). Also, this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the observed behavior follows the UDS (Unified Diagnostic Services) specification.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-51074 identifies an incorrect access control vulnerability in the instrument cluster of the KIA Seltos vehicle, specifically in software and hardware version 1.0. The instrument cluster interfaces with the vehicle's CAN (Controller Area Network) bus, which is used for communication between various electronic control units (ECUs). The vulnerability allows an attacker with access to the CAN network to send crafted messages that arbitrarily increase the odometer reading. This is possible because the instrument cluster does not properly restrict access to the odometer value modification commands. However, the supplier disputes the practical impact, arguing that the CAN bus is not exposed externally, limiting attack vectors to physical or highly privileged access scenarios. Furthermore, the odometer can only be incremented, not decremented, which reduces the potential for fraud or manipulation. The test environment used to discover this issue was an isolated ECU, not a fully integrated vehicle, which may not reflect real-world conditions. The observed behavior is consistent with the Unified Diagnostic Services (UDS) protocol, which defines diagnostic communication in vehicles. The CVSS 3.1 score of 6.7 reflects a medium severity, with attack vector classified as physical access (AV:P), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C) affecting confidentiality, integrity, and availability to varying degrees. No patches or exploits are currently reported.
Potential Impact
The primary impact of this vulnerability is the potential manipulation of the vehicle's odometer reading, which can affect vehicle resale value, warranty claims, and maintenance records. While the ability to only increase the odometer limits some fraudulent uses, it still undermines trust in vehicle data integrity. There is no direct impact on vehicle safety or operational control, so the risk to driver safety or vehicle availability is low. However, organizations involved in vehicle fleet management, resale, or leasing could face financial and reputational risks if odometer tampering occurs undetected. The requirement for physical or CAN network access limits the scope of exploitation, reducing the likelihood of widespread attacks. The lack of known exploits in the wild further reduces immediate risk, but the vulnerability highlights potential weaknesses in vehicle network security and access controls that could be exploited in more complex attack scenarios.
Mitigation Recommendations
To mitigate this vulnerability, organizations and vehicle owners should ensure that physical access to the vehicle's CAN bus is strictly controlled and monitored. Automotive service centers and fleet operators should implement secure diagnostic procedures that restrict unauthorized access to the instrument cluster and CAN network. Manufacturers should consider firmware updates that enforce stricter access controls on odometer modification commands, including authentication and integrity checks aligned with the UDS protocol. Deployment of intrusion detection systems (IDS) for in-vehicle networks can help detect anomalous CAN messages indicative of tampering attempts. Additionally, integrating cryptographic protections and secure boot mechanisms in ECUs can prevent unauthorized firmware or message injection. Regular audits and inspections of vehicle instrument clusters and odometer readings can help detect inconsistencies early. Collaboration with suppliers to validate test environments and ensure realistic security assessments is also recommended to avoid false positives or underestimations of risk.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-10-28T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6baab7ef31ef0b557a47
Added to database: 2/25/2026, 9:37:46 PM
Last enriched: 2/26/2026, 1:20:15 AM
Last updated: 4/12/2026, 12:21:48 PM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.