Arbitrary if the sending process is compromised through a parsing exploit of some sort. I’m not sure about CAN message authentication but it’d be much easier to convince someone to plug in a USB for lights/music than it’d be to plug into a diagnostic port making it an easier target.
Okay, I didn’t realize we were assuming an exploit in the parser which allows for arbitrary message sending. When I would write CAN logic we didn’t do any sort of authentication. And I know parsers have historically been an attack vector but I don’t understand how people write parsers that are exploitable for arbitrary CAN message sending.
