cvelist | ASRG | CVELIST:CVE-2023-28899
History: Jan 12, 2024 - 4:32 p.m.

CVE-2023-28899 Denial of Service via ECU reset service

2024-01-12 16:32:07
ASRG
www.cve.org
cve-2023-28899
ecu reset service
obdii port
skoda vehicles
engine shutdown
denial of service

CVSS3: 4.7

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS: 0
Percentile: 9.0%

By sending a specific reset UDS request via the OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at high speed. No safety-critical functions are affected.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Superb III",
    "vendor": "Škoda",
    "versions": [
      {
        "lessThanOrEqual": "2022",
        "status": "affected",
        "version": "0",
        "versionType": "2.0 TDI"
      }
    ]
  }
]
