CVE-2023-28896

LOW Year: 2023
CVSS v3 Score
2.4
Low
Weakness Type
CWE-261
View all →

Vulnerability Description

Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Related Vulnerabilities

CVE-2022-35931

LOW
CVSS:2.7(Low)

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in ver...

CWE-2612022

CVE-2017-7905

CRITICAL
CVSS:9.8(Critical)

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmwa...

CWE-2612017

CVE-2020-10275

CRITICAL
CVSS:9.8(Critical)

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly w...

CWE-2612020

CVE-2021-21507

CRITICAL
CVSS:9.8(Critical)

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote...

CWE-2612021

CVE-2024-24279

HIGH
CVSS:8.8(High)

An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower fu...

CWE-2612024

CVE-2024-28270

HIGH
CVSS:8.1(High)

An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.

CWE-2612024