Lucene search

SiemensCVELIST:CVE-2022-43958

HistoryNov 08, 2022 - 12:00 a.m.

CVE-2022-43958

2022-11-0800:00:00

CWE-256

siemens

www.cve.org

vulnerability

qms automotive

user credentials

plaintext

database

hashing mechanism

attacker

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:U/RC:C

AI Score

7.6

Confidence

High

EPSS

Percentile

12.6%

JSON

A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "QMS Automotive",
    "versions": [
      {
        "version": "All versions < V12.39",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "QMS Automotive",
    "versions": [
      {
        "version": "All versions < V12.39",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf

cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:U/RC:C

AI Score

7.6

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2022-43958