Security Vulnerabilities - CVEs Published In February 2025
Mercedes-Benz head-unit NTG6 has Ethernet pins on the Base Board to connect the CSB module. An attacker can connect to these pins and gain access to the internal network. A race condition can then be exploited, letting the attacker spoof “UserData” with a desired file path and access it through a backup on USB.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-02-13
Mercedes-Benz head-unit NTG6 has Ethernet pins on the Base Board to connect the CSB module. An attacker can connect to these pins and gain access to the internal network. As a result, by accessing a specific port, an attacker can send call requests to all registered services in the router and achieve command injection.
CVSS Score
4.9
EPSS Score
0.002
Published
2025-02-13
An issue was discovered on Mercedes-Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-02-13
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the profile folder there is a file that is encoded with the proprietary UD2 codec. Due to missing size checks in the encapsulated file, an attacker can achieve an out-of-bounds read in heap memory.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-02-13
An attacker may modify the URL to discover sensitive information about the target network.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-13
The Mojave Inverter uses the GET method for sensitive information.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-13
An attacker may inject commands via specially crafted POST requests.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-13
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication, which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
CVSS Score
10.0
EPSS Score
0.641
Published
2025-02-13
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-02-13
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-13

