EUVD-2018-20908

Malware in sbrugna...

Design/Logic Flaw

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access...

Code injection

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in...

Code injection

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in...

CVE-2018-9322

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...

CVE-2018-9313

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot...

Design/Logic Flaw

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...

Code injection

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot...

CVE-2018-9314

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access...

CVE-2018-9320

The CVE-2018-9320 entry concerns BMW’s Head Unit HU_NBT (Infotainment) used across 2012–2018 model lines (i Series, X Series, 3/5/7 Series). The vulnerability is described as a local attack that can be triggered when a USB device is plugged into the head unit. Documents provided confirm the affec...

CVE-2018-9312

CVE-2018-9312 concerns BMW’s Head Unit HU_NBT (Infotainment) in BMW i/X/3/5/7 Series vehicles from 2012–2018. The vulnerability enables a local attack when a USB device is connected. NVD data records a CVSS-3 base score of 7.8 (HIGH) with LOCAL access, LOW attack complexity, and no user interacti...

CVE-2018-9314

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access...

CVE-2018-9322

The CVE-2018-9322 entry describes a vulnerability in the Head Unit HU_NBT (Infotainment) used in BMW i/X/3/5/7 Series vehicles from 2012–2018. A local attacker with access to USB or OBD-II interfaces can bypass the firmware update code-signing protection, enabling execution of unsigned firmware a...

CVE-2018-9314

CVE-2018-9314 affects the Head Unit HU_NBT (Infotainment) in BMW i/X/3/5/7 Series models produced 2012–2018. The vulnerability allows an attacker with direct physical access to compromise the infotainment component. CVSS3 indicates a base score of 6.8 (Medium) with Attack Vector: Physical, Low At...