CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28912 – Cleartext Phonebook Information
https://notcve.org/view.php?id=CVE-2023-28912
28 Jun 2025 — The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an atta... • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29113 – A lack of access control in custom IPC mechanism
https://notcve.org/view.php?id=CVE-2023-29113
28 Jun 2025 — The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented at the operating system level. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resou... • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-284: Improper Access Control •