Artem Ivachev

Name of the Vulnerable Software and Affected Versions: MIB3 infotainment unit (affected versions not specified) Description: The MIB3 infotainment unit used in Skoda and Volkswagen vehicles lacks privilege separation for its proprietary inter-process communication mechanism. This allows attackers with system presence to bypass access control restrictions at the operating system level. The issue was initially found in a Skoda Superb III car with a specific MIB3 infotainment unit. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MIB3 infotainment unit (affected versions not specified) Description: An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment system. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MIB3 Infotainment Unit (affected versions not specified) Description: An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MIB3 infotainment unit (affected versions not specified) Description: A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The issue was originally discovered in a Skoda Superb III car with an MIB3 infotainment unit. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MIB3 infotainment versions (affected versions not specified) Description: A command injection in the networking service of the MIB3 infotainment allows an attacker already present in the system to escalate privileges and obtain administrative access to the system. The issue was originally discovered in a Skoda Superb III car with an MIB3 infotainment unit. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MIB3 infotainment (affected versions not specified) Description: The issue is related to the lack of memory isolation between CPU cores of the MIB3 infotainment, allowing an attacker with access to the main operating system to compromise the CPU core responsible for CAN message processing. This was originally discovered in a Skoda Superb III car with an MIB3 infotainment unit. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MIB3 unit (affected versions not specified) Description: The issue concerns the storage of the synchronized phone contact book in clear-text by the MIB3 unit. This allows an attacker with either code execution privilege on the system or physical access to the system to obtain the vehicle owner's contact data. The vulnerability was originally discovered in a Skoda Superb III car with an MIB3 infotainment unit. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Waybox WB-2024-001 Waybox WB-2024-002 Waybox WB-2024-003 **Description** A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700. **Recommendations** For Waybox WB-2024-001, update to the latest firmware to mitigate risks. For Waybox WB-2024-002, update to the latest version to mitigate risks. For Waybox WB-2024-003, update to the latest firmware to mitigate risks.

**Name of the Vulnerable Software and Affected Versions** Waybox (affected versions not specified) **Description** Under certain conditions, access to service libraries is granted to accounts that should not have access to them. This issue allows unauthorized access to service libraries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Škoda Superb III (3V3) - 2.0 TDI version 2022 **Description** The issue is related to a hardcoded secret value used for access to critical UDS services of the MIB3 infotainment. This hardcoded value is present in the firmware. The vulnerability was discovered in a Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Modular Infotainment Platform 3 (MIB3) (affected versions not specified) **Description** Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. The vulnerability was discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SoftControl/SafenSoft SysWatch versions prior to 4.4.12 SoftControl/SafenSoft TPSecure versions prior to 4.4.12 SoftControl/SafenSoft Enterprise Suite versions prior to 4.4.12 **Description** The issue allows a remote attacker to execute unauthorized code by substituting a forged update server, due to the download of code with improper integrity check in snsupd.exe and upd.exe. **Recommendations** For versions prior to 4.4.12, update to version 4.4.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SoftControl/SafenSoft SysWatch versions prior to 4.4.2 SoftControl/SafenSoft TPSecure versions prior to 4.4.2 SoftControl/SafenSoft Enterprise Suite versions prior to 4.4.2 **Description** The issue allows a local attacker to restore the SysWatch password from the settings database and modify program settings due to the storage of passwords in a recoverable format in the SysWatch service. **Recommendations** For SoftControl/SafenSoft SysWatch versions prior to 4.4.2, update to version 4.4.2 or later. For SoftControl/SafenSoft TPSecure versions prior to 4.4.2, update to version 4.4.2 or later. For SoftControl/SafenSoft Enterprise Suite versions prior to 4.4.2, update to version 4.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** SoftControl/SafenSoft SysWatch versions prior to 4.4.9 SoftControl/SafenSoft TPSecure versions prior to 4.4.9 SoftControl/SafenSoft Enterprise Suite versions prior to 4.4.9 **Description** The issue arises from an improper check of unusual conditions when launching msiexec.exe in the SysWatch service, allowing a local attacker to bypass a code-signing protection mechanism. This enables the attacker to install or execute an unauthorized program by modifying the system configuration and installing a forged MSI file, contrary to the intended behavior of only allowing installations of MSI files signed by a limited list of certificates. **Recommendations** For SoftControl/SafenSoft SysWatch versions prior to 4.4.9, update to version 4.4.9 or later to resolve the issue. For SoftControl/SafenSoft TPSecure versions prior to 4.4.9, update to version 4.4.9 or later to resolve the issue. For SoftControl/SafenSoft Enterprise Suite versions prior to 4.4.9, update to version 4.4.9 or later to resolve the issue.