Friday, June 13, 2025
HomeCVE/vulnerabilityA Critical Software Bug Turns an Airplane to the Wrong Way -...

A Critical Software Bug Turns an Airplane to the Wrong Way – Turned Right Instead of Left

Published on

SIEM as a Service

Follow Us on Google News

Recently, security researchers have discovered a very distinct software bug that is marked as a very critical software bug, as it turns an airplane in the wrong way. 

Nav Canada firstly identified this bug in 2017 on a Bombardier CRJ-200, which makes the aircraft to switch to the wrong way, in short, this bug turns the airplane to right instead of left if pilots regulate the pre-set height limit.

Soon after the incident, it was reported to the appropriate authority, and the other reason for this software bug is that the pilots used the FMS’s temperature compensation function in a remarkably cold climate.

- Advertisement - Google News

What’s the problem?

As we said that due to the use of FM’S temperature compensation function by the pilots in a very cold climate, a critical software bug took place as it turns an airplane in the wrong way, or we can say that instead of left they turn towards the right. 

Well, the pilots also said that the airplane just turns to the wrong way as it was heeding the published missed approach, and they also said that this type of misconception generally does not occur.

But, according to one of the professional aviators, selecting the altitude correctly or utilizing temperature compensation does not really alter the flight segment. Thus we can say that just because of the design error, the software imagines the flight division has shifted.  

Moreover, disabling the FMS automatic features are done by the aircraft’s configuration strapping unit (CSU) and reviewing the airplane flight manual (AFM) reservations segment. 

However, Rockwell Collins opposed the FAA and the prescribed steps that are to be perceived regarding it; thus, in Europe this week, it was published that a necessary airworthiness directive organization operators of CRJ-200 aircraft to impair the automatic temperature compensation till mid-June.

After all this discussion, the FAA was not satisfied by this decision, thus disagreed in disabling the FMS feature as it is necessary to address the unsafe condition. And both companies disagreed with the banned of the FMS automatic feature. 

They declared that a software fix would be more accessible to achieve rather than forbidding the use of the electronic calculator.

Well, all have this much idea that all the bugs that took place in the flight are very uncommon. And both Airbus and Boeing have discovered that most of the airline bugs serve to be unexpected memory overflows over the year. 

Moreover, there is a design that is owned by Bombardier, the Airbus A220, that has gone through the same software-induced issues with its engines last year. In contrast, the Boeing 737 was found to have a unique bug that has blanked all cockpit, and it also shows if pilots attempted to land on one of seven distinct runways in the whole world.

So, what do you think about this? Share all your views and thoughts in the comment section below.

Also Read: Radio Tech Used to Hack Everything From Airplanes to Defibrillators

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware

Recent investigations by Check Point Research have uncovered a sophisticated malware campaign that leverages...

Threat Actors Exploit DeepSeek-R1 Popularity to Target Windows Device Users

A new, highly sophisticated cyberattack campaign is targeting users seeking to download the popular...

OpenPGP.js Vulnerability Allows Attackers to Bypass Message Signature Verification

A critical vulnerability in OpenPGP.js, a widely used JavaScript library for encrypted messaging and...

Windows Defender Bypass Using PowerShell and Registry Edits in CyberEYE RAT

A newly discovered remote access trojan (RAT) named CyberEye is making waves in the cybersecurity community...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Severe WSO2 SOAP Flaw Allows Unauthorized Password Resets for Any Use

A newly disclosed vulnerability, CVE-2024-6914, has shocked the enterprise software community, affecting a wide...

CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets

On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent...

PoC Code Published for Linux nftables Security Vulnerability

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-26809, a high-severity double-free vulnerability in...