CVE-2026-1354
MEDIUM
5,9
Source: [email protected]
Attack Vector: adjacent
Attack Complexity: high
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
6,4
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: high
Description
AI Translation Available
Zero Motorcycles firmware versions 44 and prior enable an attacker to
forcibly pair a device with the motorcycle via Bluetooth. Once paired,
an attacker can utilize over-the-air firmware updating functionality to
potentially upload malicious firmware to the motorcycle. The motorcycle
must first be in Bluetooth pairing mode, and the attacker must be in
proximity of the vehicle and understand the full pairing process, to be
able to pair their device with the vehicle. The attacker's device must
remain paired with and in proximity of the motorcycle for the entire
duration of the firmware update.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0002
Percentile
0,1th
Updated
EPSS Score Trend (Last 4 Days)
322
Key Exchange without Entity Authentication
DraftCommon Consequences
Security Scopes Affected:
Access Control
Confidentiality
Potential Impacts:
Bypass Protection Mechanism
Read Application Data
Applicable Platforms
All platforms may be affected
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-1…
https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-06