Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-28896
HistoryDec 01, 2023 - 2:15 p.m.

CVE-2023-28896

2023-12-0114:15:07
CWE-326
CWE-261
[email protected]
web.nvd.nist.gov
cve-2023-28896
unified diagnostics services
controller area network
Ε‘koda superb iii
infotainment
can bus
physical access
vulnerability

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

12.9%

JSON

Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3Β (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.

Vulnerability discovered onΒ Ε koda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Affected configurations

NVD
Node
prehmib3Match-
AND
prehmib3_firmwareRange≀0304

Related

cve 1
cvelist 1
prion 1
cve
cve
CVE-2023-28896
2023-12-01 14:15:07
cvelist
cvelist
CVE-2023-28896 Weak encoding for password in UDS services
2023-12-01 14:01:05
prion
prion
Design/Logic Flaw
2023-12-01 14:15:00

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

12.9%

JSON
Related for NVD:CVE-2023-28896
cve1cvelist1prion1