CVE-2023-28895 - Vulnerability Details - OpenCVE

The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.

Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00114.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Preh	Mib3 Mib3 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:preh:mib3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:preh:mib3:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-32515	The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/

History

Mon, 02 Dec 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: ASRG

Published: 2023-12-01T13:41:16.581Z

Updated: 2024-12-02T17:48:05.077Z

Reserved: 2023-03-27T14:51:13.967Z

Link: CVE-2023-28895

Vulnrichment

Updated: 2024-08-02T13:51:38.834Z

NVD

Status : Modified

Published: 2023-12-01T14:15:07.540

Modified: 2024-11-21T07:56:13.933

Link: CVE-2023-28895

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28895", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "state": "PUBLISHED", "assignerShortName": "ASRG", "dateReserved": "2023-03-27T14:51:13.967Z", "datePublished": "2023-12-01T13:41:16.581Z", "dateUpdated": "2024-12-02T17:48:05.077Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MIB3 Infotainment Unit", "vendor": "JOYNEXT", "versions": [{"lessThanOrEqual": "0304", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Danila Parnishchev (PCAutomotive)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.<br><br>Vulnerability found on <span style=\"background-color: var(--wht);\">\u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022.</span>"}], "value": "The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.\n\nVulnerability found on\u00a0\u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37: Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-259", "description": "CWE-259", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2024-04-24T14:25:01.361Z"}, "references": [{"url": "https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/"}], "source": {"discovery": "EXTERNAL"}, "title": "Hard-coded password for access to power controller chip memory", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.834Z"}, "title": "CVE Program Container", "references": [{"url": "https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2023-12-05T17:19:18.033246Z", "id": "CVE-2023-28895", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T17:48:05.077Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.834Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28895", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2023-12-05T17:19:18.033246Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T17:47:50.437Z"}}], "cna": {"title": "Hard-coded password for access to power controller chip memory", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Danila Parnishchev (PCAutomotive)"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37: Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "JOYNEXT", "product": "MIB3 Infotainment Unit", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "0304"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.\n\nVulnerability found on\u00a0\u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022.", "supportingMedia": [{"type": "text/html", "value": "The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.<br><br>Vulnerability found on <span style=\"background-color: var(--wht);\">\u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-259", "description": "CWE-259"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2024-04-24T14:25:01.361Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28895", "state": "PUBLISHED", "dateUpdated": "2024-12-02T17:48:05.077Z", "dateReserved": "2023-03-27T14:51:13.967Z", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "datePublished": "2023-12-01T13:41:16.581Z", "assignerShortName": "ASRG"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:preh:mib3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "235F232E-9A13-4CB9-8932-CD4760251CDD", "versionEndExcluding": "0304", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:preh:mib3:-:*:*:*:*:*:*:*", "matchCriteriaId": "124BB4C3-02DD-4CE9-81AA-CC8D378B75E4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.\n\nVulnerability found on\u00a0\u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022."}, {"lang": "es", "value": "La contrase\u00f1a para acceder a la consola de depuraci\u00f3n PoWer Controller chip (PWC) del infoentretenimiento MIB3 est\u00e1 codificada en el firmware. La consola permite a los atacantes con acceso f\u00edsico a la unidad MIB3 obtener control total sobre el chip PWC. Vulnerabilidad encontrada en \u0160koda Superb III (3V3) - 2.0 TDI fabricado en 2022."}], "id": "CVE-2023-28895", "lastModified": "2024-11-21T07:56:13.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 2.5, "source": "cve@asrg.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-01T14:15:07.540", "references": [{"source": "cve@asrg.io", "tags": ["Third Party Advisory"], "url": "https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/"}], "sourceIdentifier": "cve@asrg.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}], "source": "cve@asrg.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}