Search

Find a vulnerability

Search criteria

    2 vulnerabilities by Faurecia Clarion Electronics Co., Ltd.

    CVE-2024-6245 (GCVE-0-2024-6245)

    Vulnerability from nvd – Published: 2024-10-28 16:42 – Updated: 2024-11-07 15:16
    VLAI
    Title
    Default Credentials in ssh service for SmartPlay in Maruti Suzuki
    Summary
    Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Mohammed Shine
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T17:32:12.842689Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T17:32:34.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Infotainment Hub"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SmartPlay",
              "vendor": "Faurecia Clarion Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "66T0.05.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohammed Shine"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.\u003cp\u003eThe issue was detected on a 2022 Maruti Suzuki Brezza in India Market.\u003c/p\u003e\u003cp\u003eThis issue affects SmartPlay: 66T0.05.50.\u003c/p\u003e"
                }
              ],
              "value": "Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market.\n\nThis issue affects SmartPlay: 66T0.05.50."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-70",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392: Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-07T15:16:26.982Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.marutisuzuki.com/corporate/technology/smartplay-systems"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.global-infotainment-system.com/en/top.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Default Credentials in ssh service for SmartPlay in Maruti Suzuki",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2024-6245",
        "datePublished": "2024-10-28T16:42:52.194Z",
        "dateReserved": "2024-06-21T14:44:25.449Z",
        "dateUpdated": "2024-11-07T15:16:26.982Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6245 (GCVE-0-2024-6245)

    Vulnerability from cvelistv5 – Published: 2024-10-28 16:42 – Updated: 2024-11-07 15:16
    VLAI
    Title
    Default Credentials in ssh service for SmartPlay in Maruti Suzuki
    Summary
    Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Mohammed Shine
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T17:32:12.842689Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T17:32:34.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Infotainment Hub"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SmartPlay",
              "vendor": "Faurecia Clarion Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "66T0.05.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohammed Shine"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.\u003cp\u003eThe issue was detected on a 2022 Maruti Suzuki Brezza in India Market.\u003c/p\u003e\u003cp\u003eThis issue affects SmartPlay: 66T0.05.50.\u003c/p\u003e"
                }
              ],
              "value": "Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market.\n\nThis issue affects SmartPlay: 66T0.05.50."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-70",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392: Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-07T15:16:26.982Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.marutisuzuki.com/corporate/technology/smartplay-systems"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.global-infotainment-system.com/en/top.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Default Credentials in ssh service for SmartPlay in Maruti Suzuki",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2024-6245",
        "datePublished": "2024-10-28T16:42:52.194Z",
        "dateReserved": "2024-06-21T14:44:25.449Z",
        "dateUpdated": "2024-11-07T15:16:26.982Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }