CVE-2022-43958 - Vulnerability Details - OpenCVE

A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Siemens	Qms Automotive

Configuration 1 [-]

cpe:2.3:a:siemens:qms_automotive:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf

History

Mon, 21 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-11-08T00:00:00.000Z

Updated: 2025-04-21T13:46:20.800Z

Reserved: 2022-10-27T00:00:00.000Z

Link: CVE-2022-43958

Vulnrichment

Updated: 2024-08-03T13:47:04.389Z

NVD

Status : Modified

Published: 2022-11-08T11:15:12.193

Modified: 2024-11-21T07:27:24.770

Link: CVE-2022-43958

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43958", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "dateUpdated": "2025-04-21T13:46:20.800Z", "dateReserved": "2022-10-27T00:00:00.000Z", "datePublished": "2022-11-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-09-12T09:32:02.019Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users."}], "affected": [{"vendor": "Siemens", "product": "QMS Automotive", "versions": [{"version": "All versions < V12.39", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "QMS Automotive", "versions": [{"version": "All versions < V12.39", "status": "affected"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:U/RC:C", "baseScore": 7.6, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-256", "description": "CWE-256: Plaintext Storage of a Password", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:47:04.389Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-18T15:22:05.948524Z", "id": "CVE-2022-43958", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T13:46:20.800Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:47:04.389Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-43958", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-18T15:22:05.948524Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-18T15:22:09.273Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:U/RC:C"}}], "affected": [{"vendor": "Siemens", "product": "QMS Automotive", "versions": [{"status": "affected", "version": "All versions < V12.39"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "QMS Automotive", "versions": [{"status": "affected", "version": "All versions < V12.39"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-256", "description": "CWE-256: Plaintext Storage of a Password"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-09-12T09:32:02.019Z"}}}, "cveMetadata": {"cveId": "CVE-2022-43958", "state": "PUBLISHED", "dateUpdated": "2025-04-21T13:46:20.800Z", "dateReserved": "2022-10-27T00:00:00.000Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2022-11-08T00:00:00.000Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:qms_automotive:*:*:*:*:*:*:*:*", "matchCriteriaId": "495D38E5-5C7F-43C2-997F-D2226C7D0A2C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en QMS Automotive (todas las versiones < V12.39), QMS Automotive (todas las versiones < V12.39). Las credenciales de usuario se almacenan en texto plano en la base de datos sin ning\u00fan mecanismo de hash. Esto podr\u00eda permitir a un atacante obtener acceso a las credenciales y suplantar a otros usuarios."}], "id": "CVE-2022-43958", "lastModified": "2024-11-21T07:27:24.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.5, "source": "productcert@siemens.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2022-11-08T11:15:12.193", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf"}, {"source": "productcert@siemens.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-256"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Secondary"}]}