9.1

CVE-2022-43958

A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.32% 0.232
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
productcert@siemens.com 7.6 2.1 5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-256 Plaintext Storage of a Password

The product stores a password in plaintext within resources such as memory or files.

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf
Vendor Advisory
Mitigation