Automotive Zero-Day
Vulnerabilities

The Criticality of Zero-Day Vulnerabilities
Beyond Known Threats

Zero-day vulnerabilities currently have no vendor patch solution, but their exploitability has already been confirmed. What does this mean to organizations and enterprises?

Potential for Serious Damage

Confirmed zero-day vulnerabilities empower malicious actors to exploit them to execute attacks that could have dire consequences.

Lack of Defense

In the absence of a solution, attackers have ample time to exploit zero-day vulnerabilities repeatedly.

Wide-Ranging Impact

Given that the same open-source software and modules are utilized across multiple ECUs, zero-day vulnerabilities can affect numerous components.

Real-World Exploits Triggered by Zero-Day Vulnerabilities

at Pwn2Own Vancouver

Real-World Exploit Intelligence

The Latest Automotive Zero-Day Vulnerability Database

The following is a list of automotive vulnerabilities discovered by researchers through Trend Micro’s Zero Day Initiative (ZDI) that are yet to be publicly disclosed. This initial list comprises zero-day vulnerabilities discovered at Pwn2Own Automotive, hosted by VicOne with the ZDI. For each vulnerability, the affected vendor has been contacted and is expected to develop a patch. These vulnerabilities are handled according to the ZDI Disclosure Policy. The zero-day identifier of a vulnerability refers to the candidate (CAN) number assigned to the vulnerability by the ZDI.

Zero-day identifier	CVE	Affected vendor	Category	Impact

Want to know if you’ve been impacted?
Contact us to assess risks

Gain Advantage With
Unique Zero-Day Insights

VicOne’s best-in-class automotive threat intelligence includes early access to vital information on automotive zero-day vulnerabilities:

Gain Early Warning: We empower OEMs, suppliers, and stakeholders with risk assessment capabilities. We will assess whether your components or software versions are impacted by zero-day vulnerabilities ahead of competitors, allowing for better resource allocation during planning. This approach complies with the spirit of ISO/SAE 21434 by helping you monitor newly emerged vulnerabilities.
Gain Early Protection: We will evaluate how to collaborate with you based on attack tactics, techniques, and procedures to create effective virtual patches for safeguarding your system.

Want to know if you’ve been impacted?
Contact us to assess risks

GO TO EVENT PAGE

No. 1

in vulnerability discovery and disclosure since 2007*

5+ years

of partnership with Tesla for Pwn2Own, starting in 2017

*Source: Omdia Research, Quantifying the Public Vulnerability Market: 2024 Edition

More Insights Into Automotive
Zero-Day Vulnerabilities From VicOne

Blog
Security Mitigations for the Multiple Zero-Day Vulnerabilities Discovered in an IVI System

November 18, 2024
The ZDI has identified six zero-day vulnerabilities in an in-vehicle infotainment (IVI) system. As these vulnerabilities remain unpatched, we recommend security best practices to minimize their potential risks and fortify connected vehicles’ IVI systems.
Read More 
Blog
Exploiting the Emporia EV Charger: A Hacker’s Point of View

November 13, 2024
Exposed serial interfaces in electric vehicle (EV) chargers present a significant vulnerability, enabling attackers to tamper with hardware and firmware. This creates opportunities for malicious activities, highlighting the need for strong security measures to prevent such exploits.
Read More 
Blog
Why Container Security Matters in the Software-Defined Vehicle Landscape

November 8, 2024
Software containers streamline the development of software-defined vehicles (SDVs), but they also bring new security risks. Addressing these risks is essential to ensure the integrity of SDV systems.
Read More 
Blog
AI-Powered Defense and Beyond: Harnessing Intelligence to Uncover and Address Automotive Zero-Day Vulnerabilities

November 8, 2024
Google’s Project Zero recently identified a zero-day vulnerability using an AI-assisted framework, marking a promising breakthrough in vulnerability detection. We examine the importance of AI technologies and other strategies in ensuring a more comprehensive approach to automotive cybersecurity.
Read More 

VISIT OUR BLOG

Automotive Zero-Day Vulnerabilities

The Criticality of Zero-Day Vulnerabilities Beyond Known Threats

Potential for Serious Damage

Lack of Defense

Wide-Ranging Impact

Real-World Exploits Triggered by Zero-Day Vulnerabilities

Real-World Exploit Intelligence

The Latest Automotive Zero-Day Vulnerability Database

Gain Advantage With Unique Zero-Day Insights

More Insights Into Automotive Zero-Day Vulnerabilities From VicOne

Security Mitigations for the Multiple Zero-Day Vulnerabilities Discovered in an IVI System

Exploiting the Emporia EV Charger: A Hacker’s Point of View

Why Container Security Matters in the Software-Defined Vehicle Landscape

AI-Powered Defense and Beyond: Harnessing Intelligence to Uncover and Address Automotive Zero-Day Vulnerabilities

Shift to the Best Automotive Zero-Day Threat Intelligence

Automotive Zero-Day
Vulnerabilities

The Criticality of Zero-Day Vulnerabilities
Beyond Known Threats

Gain Advantage With
Unique Zero-Day Insights

More Insights Into Automotive
Zero-Day Vulnerabilities From VicOne