Overview
- Description
- The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
- Source
- cve@asrg.io
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:preh:mib3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "124BB4C3-02DD-4CE9-81AA-CC8D378B75E4"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:preh:mib3_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "235F232E-9A13-4CB9-8932-CD4760251CDD",
"versionEndExcluding": "0304"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]