CVE-2023-28895: Hard-coded password for access to power controller chip memory

3.5 CVSS

Description

The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.

Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Classification

CVE ID: CVE-2023-28895

CVSS Base Severity: LOW

CVSS Base Score: 3.5

Affected Products

Vendor: JOYNEXT

Product: MIB3 Infotainment Unit

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 25.75% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/

Timeline