Lucene search
SiemensCVE-2023-40724HistorySep 12, 2023 - 10:15 a.m.
CVE-2023-40724
2023-09-1210:15:28
CWE-316
siemens
web.nvd.nist.gov
16
cve-2023-40724
qms automotive
v12.39
user credentials
memory dump
impersonation
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
AI Score
7
Confidence
High
EPSS
0
Percentile
9.0%
A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation.
Affected configurations
Node
siemensqms_automotiveRange<12.39
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | qms_automotive | * | cpe:2.3:a:siemens:qms_automotive:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Siemens",
"product": "QMS Automotive",
"versions": [
{
"version": "All versions < V12.39",
"status": "affected"
}
],
"defaultStatus": "unknown"
}
]Related
cnvd
cnvd
Siemens QMS Automotive Information Leakage Hole
2023-09-14 00:00:00
cvelist
cvelist
CVE-2023-40724
2023-09-12 09:32:24
prion
prion
Design/Logic Flaw
2023-09-12 10:15:00
nvd
nvd
CVE-2023-40724
2023-09-12 10:15:28
ics
ics
Siemens QMS Automotive
2023-09-14 12:00:00
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
AI Score
7
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2023-40724