9.8
CVE-2023-28897
- EPSS 0.31%
- Veröffentlicht 12.01.2024 16:15:51
- Zuletzt bearbeitet 21.11.2024 07:56:14
- Quelle cve@asrg.io
- CVE-Watchlists
- Unerledigt
LoginHard-coded password for UDS services
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Skoda-auto ≫ Superb 3 Firmware Version2022
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.226 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cve@asrg.io | 4 | 2.5 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
https://asrg.io/security-advisories/cve-2023-28897