Vulnerabilities > CVE-2023-6073 - Unspecified vulnerability in Volkswagen Id.3 Firmware

047910
CVSS 6.3 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
HIGH
low complexity
volkswagen

Summary

Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.

Vulnerable Configurations

Part Description Count
OS
Volkswagen
1
Hardware
Volkswagen
1