Filtered by vendor Mercedes-benz
Subscribe
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47393 | 1 Mercedes-benz | 1 Mercedes Me | 2023-12-10 | N/A | 5.3 MEDIUM |
| An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors. | |||||
| CVE-2023-47392 | 1 Mercedes-benz | 1 Mercedes Me | 2023-12-10 | N/A | 5.3 MEDIUM |
| An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request. | |||||
| CVE-2023-23590 | 1 Mercedes-benz | 2 Xentry Retail Data Storage, Xentry Retail Data Storage Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device. | |||||
| CVE-2021-23907 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution. | |||||
| CVE-2021-23910 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp. | |||||
| CVE-2021-23909 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution. | |||||
| CVE-2021-23906 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2023-12-10 | 2.1 LOW | 6.8 MEDIUM |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution. | |||||
| CVE-2021-23908 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution. | |||||
| CVE-2020-16142 | 1 Mercedes-benz | 2 C220, Comand | 2023-12-10 | 2.9 LOW | 3.5 LOW |
| On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. | |||||
| CVE-2018-18070 | 1 Mercedes-benz | 2 C-class, Comand | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
| An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.) | |||||
| CVE-2018-18071 | 1 Mercedes-benz | 1 Mercedes Me | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel. | |||||