Automotive CVSS v3.1 Base Score Calculator

Scope (S)

Does this finding allow pivoting to other CAN Buses / networks?

Exploitability Metrics

Attack Vector (AV): Attack Complexity (AC): Privileges Required (PR): User Interaction (UI):

Is there any special precondition, or this can be exploited during normal operation?

Impact Metrics

Confidentiality (C):

Reveals any sensitive information - user data, crypto keys, source code

Integrity (I):

Allows for standard operation disruption. (e.g. message injection)

Availability (A):

Disturbs the function of the system/unit (e.g. ECU reset)