Description
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.
Vulnerability discovered on Škoda Superb III (3V3) – 2.0 TDI manufactured in 2022.
Advisory Details
- CVE ID
- CVE-2023-28896
- Affected Products
- MIB3 Infotainment Unit
- Problem Type
- CWE-261 Weak Encoding for Password
- CAPEC ID
- CAPEC-115 Authentication Bypass
- CVSS Score
- 3.5
- CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- Published
- Dec 1, 2023