File Upload Vulnerability in QMS Automotive by Siemens
CVE-2023-40731

5.7MEDIUM

Key Information:

Vendor: Siemens
Status: Qms Automotive
Vendor: CVE Published:; 12 September 2023

What is CVE-2023-40731?

A vulnerability exists in QMS Automotive that allows users to upload arbitrary file types, which poses a substantial risk of code tampering and potential exploitation by attackers. When unauthorized file uploads are permitted, malicious actors can leverage this flaw to execute harmful code within the system. This vulnerability affects all versions of the application prior to V12.39, emphasizing the need for immediate remediation to safeguard against potential security breaches.

Affected Version(s)

QMS Automotive All versions < V12.39

References

https://cert-portal.siemens.com/productcert/pdf/ssa-14726...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Aug 21, 2023