The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.
Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
References
Link | Resource |
---|---|
https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/ | Third Party Advisory |
https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.5 |
References | () https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/ - Third Party Advisory |
06 Dec 2023, 20:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/ - Third Party Advisory | |
CPE | cpe:2.3:o:preh:mib3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:preh:mib3:-:*:*:*:*:*:*:* |
|
CWE | CWE-798 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
01 Dec 2023, 14:49
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-01 14:15
Updated : 2024-11-21 07:56
NVD link : CVE-2023-28895
Mitre link : CVE-2023-28895
CVE.ORG link : CVE-2023-28895
JSON object : View
Products Affected
preh
- mib3
- mib3_firmware