Vulnerabilities > CVE-2022-43958 - Unprotected Storage of Credentials vulnerability in Siemens QMS Automotive

CVSS 7.6 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

LOW

low complexity

siemens

CWE-256

NVD

Published: 2022-11-08

Updated: 2023-09-12

Summary

A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens QMS Automotive *	1

Common Weakness Enumeration (CWE)

CWE-256 - Unprotected Storage of Credentials

References

https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf