{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-49316", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "state": "PUBLISHED", "assignerShortName": "ASRG", "dateReserved": "2026-05-29T07:26:43.198Z", "datePublished": "2026-05-29T12:39:23.104Z", "dateUpdated": "2026-05-29T12:39:23.104Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2026-05-29T12:39:23.104Z"}, "title": "Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown", "datePublic": "2026-05-29T15:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-440", "description": "CWE-440 Expected Behavior Violation", "type": "CWE"}, {"lang": "en", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "type": "CWE"}, {"lang": "en", "cweId": "CWE-693", "description": "CWE-693 Protection Mechanism Failure", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Obstruction"}]}, {"descriptions": [{"lang": "en", "value": "Software Integrity Attack"}]}], "affected": [{"vendor": "Indian Motorcycle (Polaris Inc.)", "product": "Scout Bobber + Tech", "platforms": ["OEM Motorcycle"], "modules": ["Wireless Control Module (WCM)"], "versions": [{"status": "affected", "version": "2025", "versionType": "model-year"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a well-known CAN error-frame injection technique against a periodic WCM transmission, the attacker drives the WCM CAN controller's transmit error counter past the bus-off threshold, after which the WCM stops transmitting all messages, including the shutdown command. Peer ECUs do not interpret WCM silence as a security event and continue normal operation, allowing the motorcycle to be operated despite the immobilizer never having been unlocked. Specific protocol details have been withheld pending vendor remediation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a well-known CAN error-frame injection technique against a periodic WCM transmission, the attacker drives the WCM CAN controller's transmit error counter past the bus-off threshold, after which the WCM stops transmitting all messages, including the shutdown command. Peer ECUs do not interpret WCM silence as a security event and continue normal operation, allowing the motorcycle to be operated despite the immobilizer never having been unlocked. Specific protocol details have been withheld pending vendor remediation.</p>"}]}], "references": [{"url": "https://cwe.mitre.org/data/definitions/440.html", "tags": ["technical-description"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "PHYSICAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.1, "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}], "solutions": [{"lang": "en", "value": "Treat absence of the WCM heartbeat as a security event in peer ECUs \u2014 command shutdown if the WCM's periodic message is missing beyond a bounded interval. Authenticate the heartbeat with AUTOSAR SecOC or equivalent to prevent post-silence spoofing. Auto-recover the WCM from bus-off and log the event.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Treat absence of the WCM heartbeat as a security event in peer ECUs \u2014 command shutdown if the WCM's periodic message is missing beyond a bounded interval. Authenticate the heartbeat with AUTOSAR SecOC or equivalent to prevent post-silence spoofing. Auto-recover the WCM from bus-off and log the event.</p>"}]}], "timeline": [{"time": "2025-03-26T00:00:00.000Z", "lang": "en", "value": "Reported to Indian Motorcycle by Rustic Security LLC (responsible disclosure)"}], "credits": [{"lang": "en", "value": "Scott Sheahan, Rustic Security LLC", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{}

{}

{}