Primary

Context

TCAS II Impersonation Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability exists in TCAS II systems with transponders compliant with MOPS prior to RTCA DO-181F. An attacker can impersonate a ground station and send a Comm-A Identity Request, which can lower the Sensitivity Level Control (SLC) and disable the Resolution Advisory (RA). This manipulation creates a denial-of-service condition by disrupting normal collision avoidance operations.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition by disabling critical collision avoidance alerts, potentially leading to unsafe flight situations.

Remediation

To mitigate this vulnerability, TCAS II systems should be upgraded to ACAS X or the associated transponder should be updated to comply with RTCA DO-181F.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TCAS II Impersonation Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating