Vulnerability in Opcenter Quality and QMS Automotive by Siemens
CVE-2021-27389

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Opcenter Quality; Qms Automotive
Vendor: CVE Published:; 22 April 2021

What is CVE-2021-27389?

A security vulnerability has been discovered in Siemens' Opcenter Quality and QMS Automotive products, where a private sign key is included with the software without proper safeguards. This oversight could allow unauthorized access or manipulation of the system. Users of these products are advised to review their security practices and consider updates to mitigate potential risks.

Affected Version(s)

Opcenter Quality All versions < V12.2

QMS Automotive All versions < V12.30

References

https://cert-portal.siemens.com/productcert/pdf/ssa-78828...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Feb 18, 2021