First published: Tue Nov 08 2022(Updated: )
A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.
Credit: productcert@siemens.com productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Qms Automotive | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-43958 is critical.
CVE-2022-43958 is a vulnerability in QMS Automotive (All versions < V12.39) where user credentials are stored in plaintext in the database without any hashing mechanism.
An attacker can exploit CVE-2022-43958 by gaining access to the plaintext user credentials stored in the database and impersonating other users.
To mitigate CVE-2022-43958, update QMS Automotive to version V12.39 or later, which addresses the vulnerability by implementing a hashing mechanism for user credentials.
More information about CVE-2022-43958 can be found in the following references: [SSA-147266.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf) and [SSA-587547.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf).