CVE-2024-11166

Traffic Alert and Collision Avoidance System (TCAS) II has an External Control of System or Configuration Setting vulnerability

CVSS 7.1 HIGHEPSS 0.3%CWE-15

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.1EPSS 0.3%KEV nãoPoC —Patch —

Lifecycle

22 Jan 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected products

Traffic Alert and Collision Avoidance System (TCAS) II · Collision Avoidance Systems

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01