Multiple BMW Vehicle Head Unit HU_NBT Component Design Vulnerabilities (CNVD-2018-11310)

BMW i Series, etc. are different series of automobile products of BMW Bayerische Motoren Werke AG, Germany.Head Unit HUNBT Infotainment component is a set of infotainment system of the system. A security vulnerability exists in the Head Unit HUNBT component on several BMW vehicles vehicles...

Design/Logic Flaw

The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...

Code injection

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot...

Design/Logic Flaw

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...

Code injection

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in...

CVE-2018-9318

The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...

CVE-2018-9313

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot...

CVE-2018-9311

The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...

CVE-2018-9322

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...

CVE-2018-9318

CVE-2018-9318 concerns BMW vehicles (2012–2018) with the Telematics Control Unit (TCB). The issue allows a remote attack over a cellular network by exploiting the TCB, with NVD indicating a critical impact (CVSSv3: 9.8, network, no user interaction, high confidentiality/integrity/availability). T...

CVE-2018-9311

The CVE-2018-9311 vulnerability affects the Telematics Control Unit (TCB/Telematics Communication Box) used in BMW vehicles produced from 2012–2018. Affected component: TCB within the vehicle’s telematics system. Described impact: allows a remote attack via a cellular network, with CVSS v3.0 base...

CVE-2018-9312

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in...

CVE-2018-9313

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot...

CVE-2018-9318

The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...

CVE-2018-9314

CVE-2018-9314 affects the Head Unit HU_NBT (Infotainment) in BMW i/X/3/5/7 Series models produced 2012–2018. The vulnerability allows an attacker with direct physical access to compromise the infotainment component. CVSS3 indicates a base score of 6.8 (Medium) with Attack Vector: Physical, Low At...

CVE-2018-9320

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in...

CVE-2018-9311

The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...

UBUNTU-CVE-2018-11419

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function via a RegExp"\u0" payload, related to reparsecharclass in parser/regexp/re-parser.c...

Chinese Hackers Find Over a Dozen Vulnerabilities in BMW Cars

Chinese security researchers have discovered more than a dozen vulnerabilities in the onboard compute units of BMW cars, some of which can be exploited remotely to compromise a vehicle. The security flaws have been discovered during a year-long security audit conducted by researchers from Keen...

Multiple CPU Hardwares Information Disclosure Vulnerabilities

CPU hardware is the firmware that runs in the central processor to manage and control the CPU. An information disclosure vulnerability exists in multiple CPU Hardwares. The vulnerability arises due to a contention condition in CPU cache processing. A local attacker can exploit the vulnerability t...