Executive Summary

Informations
Name CVE-2023-6248 First vendor Publication 2023-11-21
Vendor Cve Last vendor Modification 2023-12-04

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 9.8
Base Score 9.8 Environmental Score 9.8
impact SubScore 5.9 Temporal Score 9.8
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations:

* Get location data of the vehicle the device is connected to
* Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 )

* Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization )

* Get live video through the connected video camera

* Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts )

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6248

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

Sources (Detail)

https://www.digitalcomtech.com/product/syrus-4g-iot-telematics-gateway/
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2023-12-04 21:27:35
  • Multiple Updates
2023-11-22 09:27:27
  • Multiple Updates
2023-11-22 00:27:23
  • First insertion