CVE-2023-28899 - OpenCVE

By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety critical functions affected.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Skoda-auto	Superb 3 Superb 3 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:skoda-auto:superb_3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:skoda-auto:superb_3:-:*:*:*:*:*:*:*

References

Link	Resource
https://asrg.io/security-advisories/cve-2023-28899	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ASRG

Published: 2024-01-12T16:32:07.082Z

Updated: 2024-01-12T16:32:07.082Z

Reserved: 2023-03-27T14:51:13.968Z

Link: CVE-2023-28899

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-12T17:15:09.000

Modified: 2024-01-22T19:52:12.817

Link: CVE-2023-28899

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:skoda-auto:superb_3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A672066E-F623-4330-800B-C88631224BCC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:skoda-auto:superb_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "4459588C-A162-465D-BCC1-4719B657DBDD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety critical functions affected.\u00a0"}, {"lang": "es", "value": "Al enviar una solicitud de reinicio UDS espec\u00edfica a trav\u00e9s del puerto OBDII de los veh\u00edculos Skoda, es posible provocar el apagado del motor del veh\u00edculo y la denegaci\u00f3n de servicio de otros componentes del veh\u00edculo incluso cuando el veh\u00edculo se mueve a alta velocidad. Ninguna funci\u00f3n cr\u00edtica de seguridad se ve afectada."}], "id": "CVE-2023-28899", "lastModified": "2024-01-22T19:52:12.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "cve@asrg.io", "type": "Secondary"}]}, "published": "2024-01-12T17:15:09.000", "references": [{"source": "cve@asrg.io", "tags": ["Third Party Advisory"], "url": "https://asrg.io/security-advisories/cve-2023-28899"}], "sourceIdentifier": "cve@asrg.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}