Vulnerabilities > CVE-2023-40732 - Insufficient Session Expiration vulnerability in Siemens QMS Automotive 12.30

CVSS 3.9 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

local

low complexity

siemens

CWE-613

NVD

Published: 2023-09-12

Updated: 2023-09-14

Summary

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens QMS Automotive - Siemens QMS Automotive 12.30	2

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf