CVE-2022-43958

A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.
Configurations

Configuration 1

cpe:2.3:a:siemens:qms_automotive:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:27

| Type | Values Removed | Values Added |
|---|---|---|
| References | https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf | https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf |
| References | https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf - Mitigation, Vendor Advisory | https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf - Mitigation, Vendor Advisory |

12 Sep 2023, 10:15

Type Values Removed Values Added
CWE CWE-312 CWE-256
CVSS v2 : unknown
v3 : 9.1
v2 : unknown
v3 : 7.6
References
  • (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf -
Summary A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored in plaintext in the database. This could allow an attacker to gain access to credentials and impersonate other users. A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.

Information

Published : 2022-11-08 11:15

Updated : 2024-11-21 07:27


NVD link : CVE-2022-43958

Mitre link : CVE-2022-43958

CVE.ORG link : CVE-2022-43958



Products Affected

siemens

  • qms_automotive
CWE
CWE-256

Plaintext Storage of a Password

CWE-312

Cleartext Storage of Sensitive Information