Incident: Recall of Nissan Hybrid Sedans Due to Software Communication Error

Published Date: 2014-11-04

Postmortem Analysis
Timeline 1. The software failure incident of the Nissan Q50 and Q70 hybrid sedans happened in late August in Japan, as mentioned in the NHTSA documents in Article 32080. 2. Published on 2014-11-04. 3. The software failure incident occurred in August 2014.
System 1. Motor inverter and transmission control module communication system 2. Automatic transmission housings (for potential cracks) [32080]
Responsible Organization 1. The software failure incident in the Nissan hybrid Infiniti Q50 and Q70 luxury sedans was caused by a communications error between the motor inverter and transmission control module, leading to the electric motor stopping due to a software issue [32080].
Impacted Organization 1. Customers who purchased the affected Nissan Q50 and Q70 hybrid sedans globally were impacted by the software failure incident [32080].
Software Causes 1. The software cause of the failure incident was a communications error between the motor inverter and transmission control module, leading to the electric motor stopping due to a software issue [32080].
Non-software Causes 1. Cracks in automatic transmission housings caused during manufacturing by the supplier [32080]
Impacts 1. The software failure incident in the Nissan Q50 and Q70 hybrid sedans led to the electric motor stopping due to a communications error between the motor inverter and transmission control module, potentially causing a stall-like condition and increasing the risk of a crash [32080]. 2. The issue did not occur when the car was operating at highway speeds with the internal combustion engine in use, indicating that the failure primarily affected lower-speed driving scenarios [32080].
Preventions 1. Implementing thorough testing procedures during the software development phase to detect communication errors between components like the motor inverter and transmission control module [32080]. 2. Conducting comprehensive field testing and monitoring to identify potential issues before they escalate into widespread problems [32080]. 3. Enhancing quality control measures during the manufacturing process to prevent defects that could lead to software-related failures [32080].
Fixes 1. Reprogramming the motor inverter software at no cost [32080] 2. Installing a new transmission assembly if any cracks are found by the dealers [32080]
References 1. U.S. National Highway Traffic Safety Administration (NHTSA) [32080] 2. Nissan Motor Co [32080]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident related to the Nissan Q50 and Q70 hybrid sedans occurred within the same organization, Nissan Motor Co. The article mentions that Nissan is recalling the vehicles due to possible software and transmission issues, specifically a communications error between the motor inverter and transmission control module [32080]. (b) There is no information in the article about the software failure incident happening at multiple organizations or with their products and services.
Phase (Design/Operation) design (a) The software failure incident related to the design phase is evident in the article. Nissan is recalling more than 14,000 hybrid Infiniti Q50 and Q70 luxury sedans globally due to possible software and transmission issues. The issue is specifically related to a communications error between the motor inverter and transmission control module, which can cause the electric motor to stop running, leading to a stall-like condition that may increase the risk of a crash [32080]. (b) The software failure incident related to the operation phase is not explicitly mentioned in the article. Therefore, it is unknown if the failure was due to contributing factors introduced by the operation or misuse of the system.
Boundary (Internal/External) within_system (a) within_system: The software failure incident in this case was within the system. Nissan is recalling more than 14,000 hybrid Infiniti Q50 and Q70 luxury sedans globally due to possible software and transmission issues. The issue was specifically related to a communications error between the motor inverter and transmission control module, causing the electric motor to stop running, which could lead to a stall-like condition and increase the risk of a crash [32080]. The problem was discovered after a "field incident" in Japan, indicating an internal system issue that led to the software failure.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in the Nissan recall was due to a non-human action, specifically a communications error between the motor inverter and transmission control module, leading to the electric motor stopping running [32080]. (b) The recall also involved a separate issue related to the automatic transmission housings potentially having cracks caused during manufacturing by the supplier, which could lead to on-road debris and increase the risk of a crash. This issue was due to a human action, specifically a manufacturing defect introduced during the production process [32080].
Dimension (Hardware/Software) hardware, software (a) The software failure incident occurring due to hardware: - The article mentions that Nissan is recalling 1,641 hybrid sedans due to automatic transmission housings that may have cracks caused during manufacturing by the supplier, indicating a hardware issue [32080]. (b) The software failure incident occurring due to software: - The software failure incident in the article is related to a communication error between the motor inverter and transmission control module, leading to the electric motor stopping, which is a software issue [32080].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident related to the Nissan recall of hybrid Infiniti Q50 and Q70 luxury sedans was non-malicious. The failure was attributed to a communications error between the motor inverter and transmission control module, leading to the electric motor stopping, which could increase the risk of a crash [32080]. The issue was discovered after a field incident in Japan, and Nissan took proactive steps to address the problem by reprogramming the motor inverter software at no cost to customers.
Intent (Poor/Accidental Decisions) accidental_decisions (a) The software failure incident related to the Nissan recall of hybrid Infiniti Q50 and Q70 luxury sedans was not due to poor decisions but rather due to a communication error between the motor inverter and transmission control module, leading to the electric motor stopping, potentially increasing the risk of a crash [32080].
Capability (Incompetence/Accidental) development_incompetence (a) The software failure incident related to the Nissan recall of hybrid Infiniti Q50 and Q70 luxury sedans was due to a development incompetence issue. The failure occurred because of a communications error between the motor inverter and transmission control module, leading to the electric motor stopping, which could increase the risk of a crash [32080]. The issue was discovered after a field incident in Japan, indicating a lack of professional competence in the initial development or testing of the software system.
Duration temporary The software failure incident related to the Nissan recall of hybrid Infiniti Q50 and Q70 luxury sedans was temporary. The issue was specifically related to a communications error between the motor inverter and transmission control module, causing the electric motor to stop running under certain circumstances. This temporary failure could lead to a stall-like condition, increasing the risk of a crash. Nissan addressed this issue by reprogramming the motor inverter software to resolve the communication error [32080].
Behaviour crash, value, other (a) crash: The software failure incident in the Nissan hybrid sedans could lead to a stall-like condition when the electric motor stops working, potentially increasing the risk of a crash [32080]. (b) omission: There is no specific mention of the software failure incident omitting to perform its intended functions at an instance(s) in the provided article. (c) timing: The issue with the software failure incident does not involve the system performing its intended functions too late or too early. (d) value: The software failure incident involves the system performing its intended functions incorrectly, leading to the electric motor potentially stopping due to a communications error between the motor inverter and transmission control module [32080]. (e) byzantine: The software failure incident does not involve the system behaving erroneously with inconsistent responses and interactions. (f) other: The other behavior of the software failure incident is related to the potential risk of a crash due to the software issue, as mentioned in the article [32080].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence non-human, theoretical_consequence (a) death: There is no mention of any deaths resulting from the software failure incident in the articles [32080]. (b) harm: The articles do not report any physical harm to individuals due to the software failure incident [32080]. (c) basic: There is no indication that people's access to food or shelter was impacted by the software failure incident [32080]. (d) property: The software failure incident did not result in any impact on people's material goods, money, or data [32080]. (e) delay: The articles do not mention any activities being postponed due to the software failure incident [32080]. (f) non-human: The software failure incident impacted the functioning of the electric motor in the hybrid sedans, leading to a stall-like condition that could increase the risk of a crash [32080]. (g) no_consequence: The articles do not state that there were no real observed consequences of the software failure incident [32080]. (h) theoretical_consequence: The articles discuss potential consequences of the software failure incident, such as the risk of a crash due to the stall-like condition caused by the electric motor stopping [32080]. (i) other: There are no other consequences of the software failure incident mentioned in the articles [32080].
Domain transportation (a) The failed system in this incident was related to the transportation industry, specifically affecting Nissan's hybrid Infiniti Q50 and Q70 luxury sedans [32080]. The software and transmission issues in these vehicles led to a recall of over 14,000 units globally due to potential safety risks associated with the electric motor and transmission control module communication error.

Sources

Back to List