Security Flaw in QMS Automotive Application from Siemens
CVE-2023-40729

7.3 HIGH

Key Information:

Vendor: Siemens
CVE Published: 12 September 2023

Summary

A security control weakness has been discovered in QMS Automotive versions prior to V12.39: the application does not prevent communication from taking place unencrypted, without the protection of HTTPS. This flaw makes the application susceptible to machine-in-the-middle attacks, in which an attacker could intercept, manipulate, or steal sensitive data in transit. The absence of proper encryption safeguards significantly increases the risk to confidential information handled by the application.

Affected Version(s)

QMS Automotive All versions < V12.39

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
