Authorization Bypass Vulnerability in QMS Automotive by Siemens
CVE-2023-40730

8.8HIGH

Key Information:

Vendor: Siemens
Status: QMS Automotive
Vendor: CVE Published:; 12 September 2023

Summary

A significant authorization bypass vulnerability exists in the QMS.Mobile module of QMS Automotive, specifically in all versions below V12.39. This flaw allows unauthorized users to gain access to confidential information, perform actions associated with administrative privileges, and could potentially trigger a denial-of-service condition, posing serious risks to data integrity and availability.

Affected Version(s)

QMS Automotive All versions < V12.39

References

https://cert-portal.siemens.com/productcert/pdf/ssa-14726...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Aug 21, 2023