Multiple vulnerabilities in MBUX Infotainment System on Mercedes-Benz vehicles
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2021-23906 CVE-2021-23910 CVE-2021-23909 CVE-2021-23908 CVE-2021-23907 |
| CWE-ID | CWE-20 CWE-787 CWE-843 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
MBUX Infotainment System Client/Desktop applications / Other client software |
| Vendor | Mercedes-Benz |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU53384
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-23906
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists in the Headunit NTG6 on Mercedes-Benz vehicles due to a message length is not checked in the HiQnet Protocol. A remote attacker can pass specially crafted input and execute arbitrary code on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMBUX Infotainment System: 2021
CPE2.3- cpe:2.3:a:mercedes-benz:mbux_infotainment_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:mercedes-benz:mbux_infotainment_system:2021:*:*:*:*:*:*:*
http://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
http://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
http://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU53388
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-23910
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists in HERMES 2.1 on Mercedes-Benz vehicles due to a boundary error when processing untrusted input in RemoteDiagnosisApp. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMBUX Infotainment System: 2021
CPE2.3- cpe:2.3:a:mercedes-benz:mbux_infotainment_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:mercedes-benz:mbux_infotainment_system:2021:*:*:*:*:*:*:*
http://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
http://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
http://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU53387
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-23909
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists in HERMES 2.1 on Mercedes-Benz vehicles due to insufficient validation of user-supplied input in the SH2 MCU. A remote attacker can pass specially crafted input and execute arbitrary code on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMBUX Infotainment System: 2021
CPE2.3- cpe:2.3:a:mercedes-benz:mbux_infotainment_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:mercedes-benz:mbux_infotainment_system:2021:*:*:*:*:*:*:*
http://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
http://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
http://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Type Confusion
EUVDB-ID: #VU53386
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-23908
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the Headunit NTG6 on Mercedes-Benz vehicles due to a type confusion error in MultiSvSetAttributes in the HiQnet Protocol. A remote attacker can pass specially crafted data, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMBUX Infotainment System: 2021
CPE2.3- cpe:2.3:a:mercedes-benz:mbux_infotainment_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:mercedes-benz:mbux_infotainment_system:2021:*:*:*:*:*:*:*
http://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
http://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
http://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU53385
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-23907
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists in the Headunit NTG6 on Mercedes-Benz vehicles due to the count in MultiSvGet, GetAttributes and MultiSvSet is not checked in the HiQnet Protocol. A remote attacker can pass specially crafted input and execute arbitrary code on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMBUX Infotainment System: 2021
CPE2.3- cpe:2.3:a:mercedes-benz:mbux_infotainment_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:mercedes-benz:mbux_infotainment_system:2021:*:*:*:*:*:*:*
http://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
http://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
http://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
