Lucene search

SiemensCVELIST:CVE-2023-40725

HistorySep 12, 2023 - 9:32 a.m.

CVE-2023-40725

2023-09-1209:32:25

CWE-209

siemens

www.cve.org

vulnerability

qms automotive

error messages

user credentials

attacker

usernames

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

AI Score

4.5

Confidence

High

EPSS

Percentile

12.7%

JSON

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "QMS Automotive",
    "versions": [
      {
        "version": "All versions < V12.39",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

AI Score

4.5

Confidence

High

EPSS

Percentile

12.7%

JSON

Related for CVELIST:CVE-2023-40725