33 matches found
EUVD-2023-32518
Malicious code in bioql PyPI...
EUVD-2023-32517
Malicious code in bioql PyPI...
EUVD-2023-32515
Malicious code in bioql PyPI...
EUVD-2023-32516
Malicious code in bioql PyPI...
CVE-2023-28896
Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...
CVE-2023-28895
The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...
CVE-2023-28897
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...
CVE-2023-28898
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...
CVE-2023-28897
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...
Design/Logic Flaw
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...
Hardcoded credentials
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...
CVE-2023-28898
The CVE-2023-28898 issue involves the Real-Time Streaming Protocol (RTSP) in the MIB3 infotainment system of the Škoda Superb III (3V3) 2.0 TDI (2022). The RTSP implementation improperly handles requests to the /logs URI when the id parameter is zero, enabling a connected attacker on the in-vehic...
CVE-2023-28898 Head Unit Denial-of-Service via Apple CarPlay service
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...
CVE-2023-28898 Head Unit Denial-of-Service via Apple CarPlay service
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...
CVE-2023-28897
CVE-2023-28897 affects Škoda MIB3 infotainment. The vulnerability stems from a hardcoded secret value used to access critical UDS services, impacting Škoda Superb III (3V3) 2.0 TDI (2022). According to NVD, CVSSv3.1 base score 9.8 (Network, high impact on confidentiality, integrity, availability)...
CVE-2023-28897 Hard-coded password for UDS services
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...
CVE-2023-28897 Hard-coded password for UDS services
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...
Škoda Modular Infotainment Platform 3 Trust Management Issues Vulnerability
Škoda Modular Infotainment Platform 3 MIB3 is a modular infotainment platform from the Czech company Škoda. A security vulnerability exists in the Škoda Modular Infotainment Platform 3 MIB3 infotainment that stems from the use of hard-coded secret values...
CVE-2023-28896
Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...
CVE-2023-28895
The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...