Vulnerabilities > CVE-2023-40728 - Insecure Storage of Sensitive Information vulnerability in Siemens QMS Automotive 12.30

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

siemens

CWE-922

NVD

Published: 2023-09-12

Updated: 2023-09-14

Summary

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens QMS Automotive - Siemens QMS Automotive 12.30	2

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf