CVE-2023-40728
First published: Tue Sep 12 2023(Updated: )
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition.
Credit: productcert@siemens.com productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Qms Automotive | <12.39 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-40728?
CVE-2023-40728 is a vulnerability identified in QMS Automotive (All versions < V12.39) where the QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage.
What is the severity of CVE-2023-40728?
The severity of CVE-2023-40728 is high, with a severity value of 7.3.
How can an attacker exploit CVE-2023-40728?
An attacker can exploit CVE-2023-40728 by altering content in the external insecure storage, leading to arbitrary code execution or denial-of-service.
How can I fix CVE-2023-40728?
To fix CVE-2023-40728, update QMS Automotive to version V12.39 or higher to secure the storage of sensitive application data.
Where can I find more information about CVE-2023-40728?
You can find more information about CVE-2023-40728 in the official Siemens ProductCERT advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens qms automotive