Vulnerability Details CVE-2021-23909
An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.1%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 7.5
References
- https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
- https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
- https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
- https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
- https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
- https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Products affected by CVE-2021-23909
-
cpe:2.3:a:mercedes-benz:hermes:2.1
-
cpe:2.3:h:mercedes-benz:a_220:-
-
cpe:2.3:h:mercedes-benz:a_220_4matic:-
-
cpe:2.3:h:mercedes-benz:e_350:-
-
cpe:2.3:h:mercedes-benz:e_350_4matic:-
-
cpe:2.3:h:mercedes-benz:eqc:-
-
cpe:2.3:h:mercedes-benz:gle_350:-
-
cpe:2.3:h:mercedes-benz:gle_350_4matic:-