Lucene search
HistorySep 12, 2023 - 10:15 a.m.
CVE-2023-40727
vulnerability
qms automotive
weak signing mechanism
tampering
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0
Percentile
9.0%
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses weak outdated application signing mechanism. This could allow an attacker to tamper the application code.
Affected configurations
Node
siemensqms_automotiveRange<12.39
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | qms_automotive | * | cpe:2.3:a:siemens:qms_automotive:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-40727
2023-09-12 09:32:27
prion
prion
Code injection
2023-09-12 10:15:00
cnvd
cnvd
Siemens QMS Automotive Data Forgery Issue Vulnerability
2023-09-14 00:00:00
cve
cve
CVE-2023-40727
2023-09-12 10:15:29
ics
ics
Siemens QMS Automotive
2023-09-14 12:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2023-40727