CVE-2023-28895
low-risk
Published 2023-12-01
The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
Do I need to act?
- 0.06% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 3.5/10 · Low · PHYSICAL / LOW complexity
Affected Products (1)
Mib3 Firmware
Affected Vendors
References (2)
Third Party Advisory
https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-cont...
Third Party Advisory
https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-cont...
18 / 100 · low-risk
Severity: 13/34 · Low
Exploitability: 0/34 · Minimal
Exposure: 5/34 · Minimal