MidnightBSD

Advisories for bmw

CVE-2018-9311 HIGH

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,

Products Affected

Vendor Product Version
bmw telematics_control_unit_firmware -
CVE-2018-9312 HIGH

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,

Products Affected

Vendor Product Version
bmw head_unit_hu_nbt_firmware -
CVE-2018-9313 MEDIUM

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-693,

Products Affected

Vendor Product Version
bmw head_unit_hu_nbt_firmware -
CVE-2018-9314 HIGH

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,

Products Affected

Vendor Product Version
bmw head_unit_hu_nbt_firmware -
CVE-2018-9318 HIGH

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,

Products Affected

Vendor Product Version
bmw telematics_control_unit_firmware -
CVE-2018-9320 HIGH

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,

Products Affected

Vendor Product Version
bmw head_unit_hu_nbt_firmware -
CVE-2018-9322 HIGH

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,

Products Affected

Vendor Product Version
bmw head_unit_hu_nbt_firmware -