Daimler Luki w zabezpieczeniach

Oś czasu

Rodzaj

Vehicle Software16

Produkt

Daimler Mercedes HERMES6
Daimler Mercedes MBUX4
Daimler Mercedes XENTRY Retail Data Storage2
Daimler Mercedes Comand2
Daimler Mercedes-Benz C Class AMG Premium Plus c22 ...2

Przeciwdziałanie

Official Fix4
Temporary Fix0
Workaround0
Unavailable4
Not Defined8

Wykorzystywanie

High0
Functional2
Proof-of-Concept4
Unproven0
Not Defined10

Wektor dostępu

Not Defined0
Physical10
Local2
Adjacent0
Network4

Uwierzytelnianie

Not Defined0
High0
Low2
None14

Interakcja z użytkownikiem

Not Defined0
Required0
None16

C3BM Index

CVSSv3 Base

≤10
≤20
≤34
≤44
≤52
≤60
≤74
≤82
≤90
≤100

CVSSv3 Temp

≤10
≤20
≤34
≤44
≤52
≤60
≤76
≤80
≤90
≤100

VulDB

≤10
≤24
≤30
≤44
≤52
≤64
≤72
≤80
≤90
≤100

NVD

≤10
≤20
≤34
≤40
≤52
≤62
≤70
≤82
≤92
≤100

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Sprzedawca

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Exploit 0-day

<1k12
<2k2
<5k0
<10k0
<25k2
<50k0
<100k0
≥100k0

Wykorzystaj dzisiaj

<1k16
<2k0
<5k0
<10k0
<25k0
<50k0
<100k0
≥100k0

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

Affected Products (6): Mercedes-Benz C Class AMG Premium Plus c220 BlueTec (1), Mercedes Comand (1), Mercedes HERMES (6), Mercedes MBUX (5), Mercedes Me App (1), Mercedes XENTRY Retail Data Storage (1)

OpublikowanoBaseTempSłaby punktProdWykPrzEPSSCTICVE
2023-01-156.46.1Daimler Mercedes XENTRY Retail Data Storage API Request reboot denial of serviceVehicle SoftwareProof-of-ConceptNot Defined0.001670.00CVE-2023-23590
2021-05-145.35.1Daimler Mercedes MBUX HERMES 2.1 RemoteDiagnosisApp information disclosureVehicle SoftwareNot DefinedOfficial Fix0.005770.03CVE-2021-23910
2021-05-146.25.9Daimler Mercedes MBUX HERMES 2.1 Local Privilege EscalationVehicle SoftwareNot DefinedOfficial Fix0.034880.04CVE-2021-23909
2021-05-143.93.8Daimler Mercedes MBUX Headunit NTG6 MultiSvSetAttributes privilege escalationVehicle SoftwareNot DefinedOfficial Fix0.029380.02CVE-2021-23908
2021-05-143.93.8Daimler Mercedes MBUX Headunit NTG6 MultiSvSet Local Privilege EscalationVehicle SoftwareNot DefinedOfficial Fix0.034880.00CVE-2021-23907
2021-05-143.93.8Daimler Mercedes MBUX Headunit NTG6 Local Privilege EscalationVehicle SoftwareNot DefinedOfficial Fix0.017930.00CVE-2021-23906
2020-11-162.22.2Daimler Mercedes HERMES Debug Interface information disclosureVehicle SoftwareNot DefinedNot Defined0.000650.04CVE-2019-19563
2020-11-164.24.2Daimler Mercedes HERMES weak authenticationVehicle SoftwareNot DefinedNot Defined0.001000.00CVE-2019-19562
2020-11-162.22.2Daimler Mercedes HERMES Debug Interface information disclosureVehicle SoftwareNot DefinedNot Defined0.000650.00CVE-2019-19561
2020-11-164.24.2Daimler Mercedes HERMES Debug Interface weak authenticationVehicle SoftwareNot DefinedNot Defined0.001000.00CVE-2019-19560

5 więcej wpisów nie jest pokazywanych

🔒 Login Required

You need to signup and login to see more of the remaining 5 results.

PoprzedniPrzeglądKolejny

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!