User Credential Storage Vulnerability in QMS Automotive by Siemens
CVE-2022-43958

7.6HIGH

Key Information:

Vendor: Siemens
Status: Qms Automotive
Vendor: CVE Published:; 8 November 2022

Summary

A significant security issue has been found in QMS Automotive across all versions prior to V12.39, where user credentials are stored in plaintext within the database. This lack of hashing poses a severe risk, as attackers could exploit this vulnerability to retrieve and misuse stored credentials, potentially leading to user impersonation and unauthorized access to sensitive information.

Affected Version(s)

QMS Automotive All versions < V12.39

References

https://cert-portal.siemens.com/productcert/pdf/ssa-58754...

https://cert-portal.siemens.com/productcert/pdf/ssa-14726...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2022
Vulnerability Reserved
Oct 27, 2022