Lucene search
HistorySep 12, 2023 - 10:15 a.m.
CVE-2023-40724
vulnerability
qms automotive
user credentials
memory dump
impersonation
cve-2023-40724
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
AI Score
7.2
Confidence
High
EPSS
0
Percentile
9.0%
A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation.
Affected configurations
Node
siemensqms_automotiveRange<12.39
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | qms_automotive | * | cpe:2.3:a:siemens:qms_automotive:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2023-40724
2023-09-12 10:15:28
prion
prion
Design/Logic Flaw
2023-09-12 10:15:00
cnvd
cnvd
Siemens QMS Automotive Information Leakage Hole
2023-09-14 00:00:00
cvelist
cvelist
CVE-2023-40724
2023-09-12 09:32:24
ics
ics
Siemens QMS Automotive
2023-09-14 12:00:00
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
AI Score
7.2
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2023-40724