CVE-2023-28899 Vulnerability Details

  /     /     /  

CVE-2023-28899 Metadata Quick Info

CVE Published: 12/01/2024 | CVE Updated: 25/10/2024 | CVE Year: 2023
Source: ASRG | Vendor: Škoda | Product: Superb III
Status : PUBLISHED

---

CVE-2023-28899 Description

By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety critical functions affected. 

Metrics

CVSS Version: 3.1 | Base Score: 4.7 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID:
CWE Name:
Source: Škoda

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).