CVE-2023-40728: Insecure Storage of Sensitive Information in Siemens QMS Automotive

Severity: 7.8 HIGH (NVD), 7.3 (CNA)
EPSS: 0.1% (top 80.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 12, latest update Sep 14

Description

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: siemens/qms_automotive, All versions < V12.39

🔴 Vulnerability Details (2)

GHSA, 2023-09-14: GHSA-p47h-5852-qpgc: A vulnerability has been identified in QMS Automotive (All versions < V12
CVEList, 2023-09-12: CVE-2023-40728: A vulnerability has been identified in QMS Automotive (All versions < V12
CVE-2023-40728 — Siemens QMS Automotive vulnerability | cvebase