Multiple vulnerabilities in Siemens QMS Automotive
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2023-40724 CVE-2023-40725 CVE-2023-40726 CVE-2023-40727 CVE-2023-40728 CVE-2023-40729 CVE-2023-40730 CVE-2023-40731 CVE-2023-40732 |
| CWE-ID | CWE-312 CWE-209 CWE-200 CWE-347 CWE-319 CWE-284 CWE-434 CWE-613 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
QMS Automotive Server applications / SCADA systems |
| Vendor |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Cleartext storage of sensitive information
EUVDB-ID: #VU80739
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40724
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to user credentials are found in memory as plaintext. A local user can get access to user credentials.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQMS Automotive: before 12.39
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information Exposure Through an Error Message
EUVDB-ID: #VU80742
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40725
CWE-ID:
CWE-209 - Information Exposure Through an Error Message
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to affected application returns inconsistent error messages in response to invalid user credentials during login session. A local attacker can enumerate usernames, and identify valid usernames.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQMS Automotive: before 12.39
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU80744
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40726
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected application server responds with sensitive information about the server. A remote user can directly access the database.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQMS Automotive: before 12.39
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU80749
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40727
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to weak outdated application signing mechanism in the QMS.Mobile module. A local user can tamper the application code.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQMS Automotive: before 12.39
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU80750
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40728
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected application stores sensitive application data in an external insecure storage wirhin the QMS.Mobile module. A remote attacker can alter content, leading to arbitrary code execution or denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQMS Automotive: before 12.39
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cleartext transmission of sensitive information
EUVDB-ID: #VU80752
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40729
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQMS Automotive: before 12.39
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper access control
EUVDB-ID: #VU80755
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40730
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the QMS.Mobile module. A remote user can access confidential information, perform administrative functions or perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQMS Automotive: before 12.39
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Arbitrary file upload
EUVDB-ID: #VU80758
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40731
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote user can upload a malicious file and execute it on the server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQMS Automotive: before 12.39
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Insufficient Session Expiration
EUVDB-ID: #VU80759
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40732
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue in the QMS.Mobile module. A local user can perform session hijacking attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsQMS Automotive: before 12.39
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
