Siemans QMS Automotive

🗓️ 12 Sep 2023 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 45 Views

Siemens QMS Automotive vulnerabilities. Exploitable remotely/low attack complexity. Plaintext Storage, Cleartext Storage, Error Message Exposure, Cryptographic Signature Verification, Insecure Storage, Access Control, File Upload, Insufficient Session Expiration

Reporter	Title	Published	Views	Family All 124
BDU FSTEC	The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, arises from the unencrypted storage of critical information, allowing a hacker to expose user credentials.	19 Sep 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, arises from the fact that confidential information is stored in unencrypted form in memory, allowing a hacker to obtain user account details.	19 Sep 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of quality management software for automobile manufacturers, related to the leakage of information in error messages, allows a perpetrator to gain unauthorized access to protected information.	19 Sep 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, relates to the ability to disclose information through a server error message, allowing an intruder to gain unauthorized access to the database.	19 Sep 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the QMS.Mobile module of the software for quality management solutions, which is used by automobile manufacturers like QMS Automotive, allows a violator to forge the application code.	19 Sep 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the software for quality management systems in the automotive industry, related to the transmission of data in an open format, allows a attacker to perform a “Man-in-the-Middle” attack.	19 Sep 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers allows a perpetrator to execute arbitrary code or trigger service failures.	19 Sep 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers allows a perpetrator to disclose protected information, perform arbitrary functions, or cause service failures.	19 Sep 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the software for quality management systems in the automotive industry allows attackers to load unlimited amounts of malicious files, enabling them to execute arbitrary code.	19 Sep 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers allows a violator to intercept an active session.	19 Sep 202300:00	–	bdu_fstec

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-147266.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-147266.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-147266.txt
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-257-03.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-257-03
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf

12 Sep 2023 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 3.18.8 - 9.1

EPSS0.00228

SSVC