Unrated severityNVD Advisory· Published Dec 1, 2023· Updated Aug 2, 2024

Weak encoding for password in UDS services

CVE-2023-28896

Description

Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.

Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Volkswagen/MIB3llm-fuzzy
Skoda/Superb IIIllm-fuzzy
JOYNEXT/MIB3 Infotainment Unitv5
Range: 0

Patches

Vulnerability mechanics

References

asrg.io/security-advisories/cve-2023-28896/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000