cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-40732,https://securityvulnerability.io/vulnerability/CVE-2023-40732,Session Hijacking Vulnerability in QMS Automotive by Siemens,"A serious vulnerability exists in QMS Automotive software prior to version 12.39. The QMS.Mobile module fails to invalidate session tokens upon user logout. This oversight can potentially allow attackers to exploit the session and gain unauthorized access, leading to session hijacking. Organizations using this software should take immediate action to update to the latest version to mitigate the risk of exploitation.",Siemens,QMS Automotive,3.9,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-12T10:15:00.000Z,0
CVE-2023-40730,https://securityvulnerability.io/vulnerability/CVE-2023-40730,Authorization Bypass Vulnerability in QMS Automotive by Siemens,"A significant authorization bypass vulnerability exists in the QMS.Mobile module of QMS Automotive, specifically in all versions below V12.39. This flaw allows unauthorized users to gain access to confidential information, perform actions associated with administrative privileges, and could potentially trigger a denial-of-service condition, posing serious risks to data integrity and availability.",Siemens,QMS Automotive,8.8,HIGH,0.0008200000156648457,false,,false,false,false,,,false,false,,2023-09-12T10:15:00.000Z,0
CVE-2023-40731,https://securityvulnerability.io/vulnerability/CVE-2023-40731,File Upload Vulnerability in QMS Automotive by Siemens,"A vulnerability exists in QMS Automotive that allows users to upload arbitrary file types, which poses a substantial risk of code tampering and potential exploitation by attackers. When unauthorized file uploads are permitted, malicious actors can leverage this flaw to execute harmful code within the system. This vulnerability affects all versions of the application prior to V12.39, emphasizing the need for immediate remediation to safeguard against potential security breaches.",Siemens,QMS Automotive,8.8,HIGH,0.0008200000156648457,false,,false,false,false,,,false,false,,2023-09-12T10:15:00.000Z,0
CVE-2023-40724,https://securityvulnerability.io/vulnerability/CVE-2023-40724,Plaintext Credential Exposure in QMS Automotive by Siemens,"A vulnerability has been detected in QMS Automotive, where user credentials are stored in memory without encryption. This security flaw allows an attacker to perform a memory dump, thereby gaining access to sensitive user credentials stored in plaintext. The compromised information could enable unauthorized access and impersonation, posing a significant risk to users and systems relying on QMS Automotive for their operations.",Siemens,QMS Automotive,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-12T10:15:00.000Z,0
CVE-2023-40725,https://securityvulnerability.io/vulnerability/CVE-2023-40725,Inconsistent Error Message Vulnerability in QMS Automotive by Siemens,"A vulnerability has been discovered in QMS Automotive where the application generates inconsistent error messages during login attempts with invalid user credentials. This issue could be exploited by an attacker to enumerate valid usernames, posing a significant risk as it could potentially lead to unauthorized access and further attacks on the system. It is crucial for organizations using this software to update to version 12.39 or later to mitigate this risk.",Siemens,QMS Automotive,4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-12T10:15:00.000Z,0
CVE-2023-40726,https://securityvulnerability.io/vulnerability/CVE-2023-40726,Sensitive Information Disclosure in QMS Automotive by Siemens,"A vulnerability in QMS Automotive prior to version 12.39 allows the application server to disclose sensitive server information. This information leak could potentially enable an attacker to gain unauthorized access to the database, posing a significant risk to the integrity and confidentiality of the data managed by the application. Proper security measures and updates are essential to mitigate this risk.",Siemens,QMS Automotive,8.8,HIGH,0.0008200000156648457,false,,false,false,false,,,false,false,,2023-09-12T10:15:00.000Z,0
CVE-2023-40727,https://securityvulnerability.io/vulnerability/CVE-2023-40727,Weak Application Signing Mechanism in QMS Automotive by Siemens,"A security flaw has been discovered in the QMS Automotive application, specifically in the QMS.Mobile module, which utilizes a dated application signing mechanism. This weakness can potentially be exploited by attackers to modify the application code, posing a significant risk to the integrity of the software. It is critical that users of versions prior to V12.39 take immediate action to address this vulnerability to safeguard their systems.",Siemens,QMS Automotive,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-12T10:15:00.000Z,0
CVE-2023-40728,https://securityvulnerability.io/vulnerability/CVE-2023-40728,Insecure Storage Vulnerability in QMS Automotive by Siemens,"A vulnerability has been discovered in the QMS.Mobile module of QMS Automotive, where sensitive application data is stored in an external insecure storage location. This flaw could potentially allow an unauthorized attacker to manipulate application content, resulting in arbitrary code execution or potentially leading to a denial-of-service condition. Users are advised to upgrade to a secure version to mitigate these risks.",Siemens,QMS Automotive,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-09-12T10:15:00.000Z,0
CVE-2023-40729,https://securityvulnerability.io/vulnerability/CVE-2023-40729,Security Flaw in QMS Automotive Application from Siemens,"A security control weakness has been discovered in QMS Automotive versions prior to V12.39, allowing unencrypted communication to occur without the protection of HTTPS. This flaw makes the application susceptible to machine-in-the-middle attacks, where an attacker could intercept, manipulate, or steal sensitive data being transmitted. The absence of proper encryption safeguards significantly increases the risk to confidential information handled by the application.",Siemens,QMS Automotive,7.4,HIGH,0.001610000035725534,false,,false,false,false,,,false,false,,2023-09-12T10:15:00.000Z,0
CVE-2022-43958,https://securityvulnerability.io/vulnerability/CVE-2022-43958,User Credential Storage Vulnerability in QMS Automotive by Siemens,"A significant security issue has been found in QMS Automotive across all versions prior to V12.39, where user credentials are stored in plaintext within the database. This lack of hashing poses a severe risk, as attackers could exploit this vulnerability to retrieve and misuse stored credentials, potentially leading to user impersonation and unauthorized access to sensitive information.",Siemens,Qms Automotive,7.6,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2021-27389,https://securityvulnerability.io/vulnerability/CVE-2021-27389,Vulnerability in Opcenter Quality and QMS Automotive by Siemens,"A security vulnerability has been discovered in Siemens' Opcenter Quality and QMS Automotive products, where a private sign key is included with the software without proper safeguards. This oversight could allow unauthorized access or manipulation of the system. Users of these products are advised to review their security practices and consider updates to mitigate potential risks.",Siemens,"Opcenter Quality,Qms Automotive",9.8,CRITICAL,0.0017000000225380063,false,,false,false,false,,,false,false,,2021-04-22T20:42:21.000Z,0