CVE-2023-40725

Summary

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.

Affected Software

VendorProductVersion RangeStatus
SiemensQMS AutomotiveAll versions < V12.39affected

Weaknesses

  • CWE-209: CWE-209: Generation of Error Message Containing Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References