Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Mercedes-benz Security Vulnerabilities

cve
cve

CVE-2018-18070

An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, whi...

5.9CVSS

5.7AI Score

0.001EPSS

2018-10-09 09:29 AM
29
cve
cve

CVE-2018-18071

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as l...

7.5CVSS

7.4AI Score

0.011EPSS

2018-10-09 09:29 AM
23
cve
cve

CVE-2020-16142

On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.

3.5CVSS

4.2AI Score

0.001EPSS

2020-08-27 04:15 PM
44
cve
cve

CVE-2021-23906

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.

6.8CVSS

7AI Score

0.042EPSS

2021-05-13 07:15 PM
78
2
cve
cve

CVE-2021-23907

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.

9.8CVSS

9.6AI Score

0.058EPSS

2021-05-13 07:15 PM
67
2
cve
cve

CVE-2021-23908

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.

9.8CVSS

9.7AI Score

0.049EPSS

2021-05-13 07:15 PM
168
3
cve
cve

CVE-2021-23909

An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.

9.8CVSS

9.7AI Score

0.058EPSS

2021-05-13 07:15 PM
72
3
cve
cve

CVE-2021-23910

An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp.

9.8CVSS

9.3AI Score

0.007EPSS

2021-05-13 07:15 PM
69
3
cve
cve

CVE-2023-23590

Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.

7.5CVSS

7.4AI Score

0.002EPSS

2023-01-15 05:15 AM
22
cve
cve

CVE-2023-47392

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.

5.3CVSS

5.2AI Score

0.0005EPSS

2023-11-22 07:15 AM
15
cve
cve

CVE-2023-47393

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.

5.3CVSS

5AI Score

0.0005EPSS

2023-11-22 07:15 AM
15