File Upload Vulnerability in QMS Automotive by Siemens
CVE-2023-40731

8.8HIGH

Key Information:

Vendor: Siemens
Status: QMS Automotive
Vendor: CVE Published:; 12 September 2023

Summary

A vulnerability exists in QMS Automotive that allows users to upload arbitrary file types, which poses a substantial risk of code tampering and potential exploitation by attackers. When unauthorized file uploads are permitted, malicious actors can leverage this flaw to execute harmful code within the system. This vulnerability affects all versions of the application prior to V12.39, emphasizing the need for immediate remediation to safeguard against potential security breaches.

Affected Version(s)

QMS Automotive All versions < V12.39

References

https://cert-portal.siemens.com/productcert/pdf/ssa-14726...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Aug 21, 2023