An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.
References
Link | Resource |
---|---|
https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/ | Third Party Advisory |
https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf | Exploit Third Party Advisory |
https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
25 May 2021, 18:19
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/ - Third Party Advisory | |
References | (MISC) https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866 - Third Party Advisory | |
References | (MISC) https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-787 | |
CPE | cpe:2.3:h:mercedes-benz:e_350:-:*:*:*:*:*:*:* cpe:2.3:h:mercedes-benz:eqc:-:*:*:*:*:*:*:* cpe:2.3:h:mercedes-benz:gle_350:-:*:*:*:*:*:*:* cpe:2.3:a:mercedes-benz:hermes:2.1:*:*:*:*:*:*:* cpe:2.3:h:mercedes-benz:a_220_4matic:-:*:*:*:*:*:*:* cpe:2.3:h:mercedes-benz:e_350_4matic:-:*:*:*:*:*:*:* cpe:2.3:h:mercedes-benz:a_220:-:*:*:*:*:*:*:* cpe:2.3:h:mercedes-benz:gle_350_4matic:-:*:*:*:*:*:*:* |
Information
Published : 2021-05-13 19:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-23909
Mitre link : CVE-2021-23909
CVE.ORG link : CVE-2021-23909
JSON object : View
Products Affected
mercedes-benz
- gle_350
- e_350_4matic
- gle_350_4matic
- a_220
- eqc
- hermes
- a_220_4matic
- e_350
CWE
CWE-787
Out-of-bounds Write