CVE-2023-28896
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.
Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| JOYNEXT | MIB3 Infotainment Unit | 0 <= 0304 | affected |
Weaknesses
- CWE-261: CWE-261
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.