QMS Automotive <V12.39: Memory Dump Exposes Plaintext Credentials
CVE-2023-40724 Published on September 12, 2023
A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation.
Weakness Type
Cleartext Storage of Sensitive Information in Memory
The application stores sensitive information in cleartext in memory.
Products Associated with CVE-2023-40724
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-40724 are published in Siemens Qms Automotive:
Affected Versions
Siemens QMS Automotive Version All versions < V12.39 is affected by CVE-2023-40724Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.