Find a vulnerability
Search criteria
1 vulnerability by pektron
VAR-201809-0750
Vulnerability from variot - Updated: 2024-11-23 22:51A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds. Pektron Passive Keyless Entry and Start (PKES) There are cryptographic vulnerabilities in the system.Information may be tampered with. The Tesla Model S is an electric car produced by Tesla. The PKES system used in the Tesla Model S and other devices has a security flaw that stems from the fact that the PKES system relies on the DST40 cipher. An attacker could exploit this vulnerability to clone car keys in seconds
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0750",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "passive keyless entry and start system",
"scope": "eq",
"trust": 1.6,
"vendor": "pektron",
"version": null
},
{
"model": "passive keyless entry and start system",
"scope": null,
"trust": 0.8,
"vendor": "pektron",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013170"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-439"
},
{
"db": "NVD",
"id": "CVE-2018-16806"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:pektron:passive_keyless_entry_and_start_system_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013170"
}
]
},
"cve": "CVE-2018-16806",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2018-16806",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-127202",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-16806",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16806",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-16806",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-439",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-127202",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2018-16806",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127202"
},
{
"db": "VULMON",
"id": "CVE-2018-16806"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013170"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-439"
},
{
"db": "NVD",
"id": "CVE-2018-16806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds. Pektron Passive Keyless Entry and Start (PKES) There are cryptographic vulnerabilities in the system.Information may be tampered with. The Tesla Model S is an electric car produced by Tesla. The PKES system used in the Tesla Model S and other devices has a security flaw that stems from the fact that the PKES system relies on the DST40 cipher. An attacker could exploit this vulnerability to clone car keys in seconds",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16806"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013170"
},
{
"db": "VULHUB",
"id": "VHN-127202"
},
{
"db": "VULMON",
"id": "CVE-2018-16806"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16806",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013170",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-439",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-127202",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-16806",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127202"
},
{
"db": "VULMON",
"id": "CVE-2018-16806"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013170"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-439"
},
{
"db": "NVD",
"id": "CVE-2018-16806"
}
]
},
"id": "VAR-201809-0750",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-127202"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:51:59.824000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.pektron.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013170"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127202"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013170"
},
{
"db": "NVD",
"id": "CVE-2018-16806"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyless-entry-and-start-in-modern-supercars/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16806"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16806"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149744"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127202"
},
{
"db": "VULMON",
"id": "CVE-2018-16806"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013170"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-439"
},
{
"db": "NVD",
"id": "CVE-2018-16806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-127202"
},
{
"db": "VULMON",
"id": "CVE-2018-16806"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013170"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-439"
},
{
"db": "NVD",
"id": "CVE-2018-16806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-127202"
},
{
"date": "2018-09-10T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16806"
},
{
"date": "2019-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013170"
},
{
"date": "2018-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-439"
},
{
"date": "2018-09-10T23:29:00.407000",
"db": "NVD",
"id": "CVE-2018-16806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-127202"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16806"
},
{
"date": "2019-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013170"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-439"
},
{
"date": "2024-11-21T03:53:23.163000",
"db": "NVD",
"id": "CVE-2018-16806"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-439"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pektron Passive Keyless Entry and Start Cryptographic vulnerabilities in systems",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013170"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-439"
}
],
"trust": 0.6
}
}