CVE-2023-28912
Cleartext Phonebook Information
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data.
The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-03-27 CVE Reserved
- 2025-06-28 CVE Published
- 2025-06-30 CVE Updated
- 2025-07-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
- CAPEC-37: Retrieve Embedded Sensitive Data
References (3)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Preh Car Connect GmbH (JOYNEXT GmbH) Search vendor "Preh Car Connect GmbH (JOYNEXT GmbH)" | Volkswagen MIB3 Infotainment System MIB3 OI MQB Search vendor "Preh Car Connect GmbH (JOYNEXT GmbH)" for product "Volkswagen MIB3 Infotainment System MIB3 OI MQB" | <= 0304 Search vendor "Preh Car Connect GmbH (JOYNEXT GmbH)" for product "Volkswagen MIB3 Infotainment System MIB3 OI MQB" and version " <= 0304" | en |
Affected
|