ZF Roll Stability Support Plus Authentication Bypass Vulnerability Allowing Unauthorized Remote Diagnostics

An authentication bypass vulnerability has been identified in ZF Roll Stability Support Plus (RSSPlus) versions 2M with build dates from January 8 through at least January 23. This vulnerability allows an attacker to remotely access diagnostic functions intended for workshop or repair scenarios. The exploitation targets deterministic RSSPlus SecurityAccess service seeds and can be executed from a proximal or adjacent position with RF equipment, or by pivoting from J2497 telematics devices. While the vulnerability could degrade system performance or erase software, it does not compromise vehicle safety.

Impact

Exploitation of this vulnerability could enable an unauthenticated attacker to remotely invoke diagnostic functions, potentially disrupting system performance or erasing software, although the vehicle would remain in a safe state.

Remediation

Users should disable all J2497 features except for LAMP ON detection. For new trailer equipment, migrate diagnostics to newer bus technologies. For tractors, remove support for J2497 messages other than LAMP. ZF recommends adopting the latest security features and standards for truck-trailer communication. The National Motor Freight Traffic Association has published a guide with detailed mitigation strategies, including installing LAMP ON firewalls for each ECU, using LAMP ON senders with trailers, and applying RF chokes on trailer wiring.