Danila Parnishchev

#10528of 53,635
26.3Total CVSS
Vulnerabilities · 4
Medium
3
Critical
1
PT-2025-27308
5.2
2025-06-28
Volkswagen · Mib3 · CVE-2023-28904
Name of the Vulnerable Software and Affected Versions: MIB3 infotainment unit (affected versions not specified) Description: A logic flaw in the bootloader component of the MIB3 infotainment unit leads to a RAM buffer overflow, allowing an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-12200
9.6
2024-11-05
Enel X · Waybox Enel X Web Management Application · CVE-2023-29120
**Name of the Vulnerable Software and Affected Versions** Waybox Enel X web management application (affected versions not specified) **Description** The Waybox Enel X web management application has a flaw that allows users to execute arbitrary OS commands, providing administrator’s privileges over the Waybox system. This issue affects specific versions of WAYBOX-2023-001. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-12182
4.7
2024-01-12
Skoda · Skoda Vehicles · CVE-2023-28899
**Name of the Vulnerable Software and Affected Versions** Skoda vehicles (affected versions not specified) **Description** The issue allows an attacker to send a specific reset UDS request via the OBDII port of Skoda vehicles, potentially causing the vehicle engine to shut down and resulting in the denial of service of other vehicle components, even when the vehicle is moving at a high speed. It is noted that no safety-critical functions are affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-22035
6.8
2023-12-01
Volkswagen · Mib3 · CVE-2023-28895
**Name of the Vulnerable Software and Affected Versions** MIB3 infotainment (affected versions not specified) **Description** The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. This allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. The issue was found on the Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.