Overview
- Description
- Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
- Source
- cve@asrg.io
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 2.4
- Impact score
- 1.4
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:preh:mib3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "124BB4C3-02DD-4CE9-81AA-CC8D378B75E4"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:preh:mib3_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1025AE60-628B-44BE-B253-AC14D2D7D620",
"versionEndIncluding": "0304"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]