CVE-2022-43958

HIGH7.6

Description

A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Physical

Unchanged

Changed

Affected products

Siemens / QMS AutomotiveAll versions < V12.39 – All versions < V12.39

References

MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf
MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf

Updated 57m ago · 2 sources