CVE-2023-28899 MEDIUM

CVE-2023-28899: Denial of Service via ECU reset service

Vendor Škoda
Product Superb III
Published January 12, 2024
Last update October 25, 2024

CVSS base score

4.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

By sending a specific reset UDS request via the OBD-II port of Skoda vehicles, it is possible to cause a vehicle engine shutdown and denial of service of other vehicle components, even when the vehicle is moving at high speed. No safety-critical functions are affected.

Key dates

02 Disclosure timeline

January 12, 2024 CVE published
October 25, 2024 Record updated