Automotive Zero-Day

The Criticality of Zero-Day Vulnerabilities
Beyond Known Threats

Zero-day vulnerabilities currently have no vendor patch solution, but their exploitability has already been confirmed. What does this mean to organizations and enterprises?

Potential for Serious Damage

Potential for Serious Damage

Confirmed zero-day vulnerabilities empower malicious actors to exploit them to execute attacks that could have dire consequences.

Lack of Defense

Lack of Defense

In the absence of a solution, attackers have ample time to exploit zero-day vulnerabilities repeatedly.

Wide-Ranging Impact

Wide-Ranging Impact

Given that the same open-source software and modules are utilized across multiple ECUs, zero-day vulnerabilities can affect numerous components.

Real-World Exploits Triggered by Zero-Day Vulnerabilities

at Pwn2Own Vancouver

Real-World Exploit Intelligence

The Latest Automotive Zero-Day Vulnerability Database

The following is a list of automotive vulnerabilities discovered by researchers through Trend Micro’s Zero Day Initiative (ZDI) that are yet to be publicly disclosed. This initial list comprises zero-day vulnerabilities discovered at Pwn2Own Automotive, hosted by VicOne with the ZDI. For each vulnerability, the affected vendor has been contacted and is expected to develop a patch. These vulnerabilities are handled according to the ZDI Disclosure Policy. The zero-day identifier of a vulnerability refers to the candidate (CAN) number assigned to the vulnerability by the ZDI.

Zero-day identifier CVE Affected vendor Category Impact

Want to know if you’ve been impacted?
Contact us to assess risks

Gain Advantage With
Unique Zero-Day Insights

VicOne’s best-in-class automotive threat intelligence includes early access to vital information on automotive zero-day vulnerabilities:

  • Gain Early Warning: We empower OEMs, suppliers, and stakeholders with risk assessment capabilities. We will assess whether your components or software versions are impacted by zero-day vulnerabilities ahead of competitors, allowing for better resource allocation during planning. This approach complies with the spirit of ISO/SAE 21434 by helping you monitor newly emerged vulnerabilities.
  • Gain Early Protection: We will evaluate how to collaborate with you based on attack tactics, techniques, and procedures to create effective virtual patches for safeguarding your system.

Want to know if you’ve been impacted?
Contact us to assess risks

No. 1

in vulnerability discovery and disclosure since 2007*

5+ years

of partnership with Tesla for Pwn2Own, starting in 2017

*Source: Omdia Research: Quantifying the Public Vulnerability Market: 2022 Edition

More Insights Into Automotive
Zero-Day Vulnerabilities From VicOne


Shift to the Best Automotive Zero-Day Threat Intelligence

Contact Us