CVE-2023-28899
Denial of Service via ECU reset service
Vexday Risk Score
13 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7 | EPSS 0.1% | KEV no | PoC — | Nuclei — | Metasploit — | Patch —
Lifecycle
12 Jan 2024: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
By sending a specific reset UDS request via the OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety-critical functions are affected.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
Škoda · Superb III