CVE-2023-40725

Published: Sep 12, 2023Modified: Nov 21, 2024

4.0

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.5 / Impact: 1.4

Source: productcert@siemens.com (Secondary)

Description

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.

Affected (1)

Products: Siemens: Qms Automotive

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Qms Automotive	Before 12.39

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.