{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T21:04:22.203","vulnerabilities":[{"cve":{"id":"CVE-2017-14937","sourceIdentifier":"cve@mitre.org","published":"2017-10-20T14:29:00.193","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment."},{"lang":"es","value":"El algoritmo de detonación del airbag permite que los ocupantes de un turismo sufran heridas mediante datos Security Access (SA) predecibles en el bus CAN (o el conector OBD). Esto afecta a las unidades de control de airbag (también llamadas unidades de control de elementos pirotécnicos o PCU) de vehículos de pasajeros sin especificar fabricados en 2014 o posteriores, cuando la ignición está encendida y la velocidad es inferior a 6 km/h. Específicamente, solo hay 256 pares de claves posibles, mientras que los intentos de autenticación no tienen límite de tasa. Además, la interpretación de al menos un fabricante del estándar ISO 26021 es que debe ser posible calcular la clave directamente (esto es, los otros 255 pares de claves no deben ser utilizados). Su explotación implicaría a un atacante que ha obtenido acceso al bus CAN y que envía un mensaje Unified Diagnostic Service (USD) manipulado para detonar las cargas pirotécnicas. Esto resulta en el mismo riesgo de heridas para el pasajero como en cualquier implementación de airbag."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:pcu:pcu:2014:*:*:*:*:*:*:*","matchCriteriaId":"1BF912B0-66E7-4377-876E-368E191F109B"}]}]}],"references":[{"url":"http://www.mmt.hs-karlsruhe.de/downloads/IEEM/Schwachstellen/PCU_Vulnerability_Description_HsKA.PDF","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.rapid7.com/db/modules/post/hardware/automotive/pdt","source":"cve@mitre.org"},{"url":"https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts","source":"cve@mitre.org"},{"url":"http://www.mmt.hs-karlsruhe.de/downloads/IEEM/Schwachstellen/PCU_Vulnerability_Description_HsKA.PDF","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.rapid7.com/db/modules/post/hardware/automotive/pdt","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}