Vulnerabilities (CVE)

Filtered by vendor Mercedes-benz Subscribe
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-47393 1 Mercedes-benz 1 Mercedes Me 2024-11-21 N/A 5.3 MEDIUM
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.
CVE-2023-47392 1 Mercedes-benz 1 Mercedes Me 2024-11-21 N/A 5.3 MEDIUM
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.
CVE-2023-23590 1 Mercedes-benz 2 Xentry Retail Data Storage, Xentry Retail Data Storage Firmware 2024-11-21 N/A 7.5 HIGH
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.
CVE-2021-23910 1 Mercedes-benz 8 A 220, A 220 4matic, E 350 and 5 more 2024-11-21 7.5 HIGH 5.3 MEDIUM
An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp.
CVE-2021-23909 1 Mercedes-benz 8 A 220, A 220 4matic, E 350 and 5 more 2024-11-21 7.5 HIGH 6.3 MEDIUM
An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.
CVE-2021-23908 1 Mercedes-benz 8 A 220, A 220 4matic, E 350 and 5 more 2024-11-21 7.5 HIGH 2.9 LOW
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.
CVE-2021-23907 1 Mercedes-benz 8 A 220, A 220 4matic, E 350 and 5 more 2024-11-21 7.5 HIGH 2.9 LOW
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.
CVE-2021-23906 1 Mercedes-benz 8 A 220, A 220 4matic, E 350 and 5 more 2024-11-21 2.1 LOW 1.8 LOW
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.
CVE-2020-16142 1 Mercedes-benz 2 C220, Comand 2024-11-21 2.9 LOW 3.5 LOW
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
CVE-2018-18071 1 Mercedes-benz 1 Mercedes Me 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel.
CVE-2018-18070 1 Mercedes-benz 2 C-class, Comand 2024-11-21 7.1 HIGH 5.9 MEDIUM
An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.)