CVE-2023-40730
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 18:38
Severity
Summary
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service condition.
References
Source | URL | Tags |
---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf | Vendor Advisory |
Impacted products
Vendor | Product |
---|---|
Siemens | QMS Automotive |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:38:51.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "QMS Automotive", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V12.39" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in QMS Automotive (All versions \u003c V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-12T09:32:30.722Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-40730", "datePublished": "2023-09-12T09:32:30.722Z", "dateReserved": "2023-08-21T10:57:08.486Z", "dateUpdated": "2024-08-02T18:38:51.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-40730\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2023-09-12T10:15:29.403\",\"lastModified\":\"2023-09-14T17:00:29.273\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in QMS Automotive (All versions \u003c V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service condition.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en QMS Automotive (todas las versiones \u0026lt; V12.39). El m\u00f3dulo QMS.Mobile de la aplicaci\u00f3n afectada carece de suficientes comprobaciones de autorizaci\u00f3n. Esto podr\u00eda permitir a un atacante acceder a informaci\u00f3n confidencial, realizar funciones administrativas o provocar una condici\u00f3n de denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:qms_automotive:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.39\",\"matchCriteriaId\":\"17162BBB-9C4B-4347-B2F6-F8E40D67C954\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...