CVE-2023-28899

Denial of Service via ECU reset service

CVSS 4.7 MEDIUM · EPSS 0.1% · CWE-770
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7 · EPSS 0.1% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
12 Jan 2024: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
By sending a specific reset UDS request via the OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety-critical functions affected.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
Škoda · Superb III