{"api_version":"1","generated_at":"2026-04-23T10:42:20+00:00","cve":"CVE-2023-40728","urls":{"html":"https://cve.report/CVE-2023-40728","api":"https://cve.report/api/cve/CVE-2023-40728.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-40728","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-40728"},"summary":{"title":"CVE-2023-40728","description":"A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition.","state":"PUBLIC","assigner":"productcert@siemens.com","published_at":"2023-09-12 10:15:00","updated_at":"2023-09-14 17:28:00"},"problem_types":["CWE-922"],"metrics":[],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf","refsource":"MISC","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-40728","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40728","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"40728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"qms_automotive","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-40728","ASSIGNER":"productcert@siemens.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-922: Insecure Storage of Sensitive Information","cweId":"CWE-922"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Siemens","product":{"product_data":[{"product_name":"QMS Automotive","version":{"version_data":[{"version_affected":"=","version_value":"All versions < V12.39"}]}}]}}]}},"references":{"reference_data":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf","refsource":"MISC","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf"}]},"impact":{"cvss":[{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C","baseScore":7.3,"baseSeverity":"HIGH"}]}},"nvd":{"publishedDate":"2023-09-12 10:15:00","lastModifiedDate":"2023-09-14 17:28:00","problem_types":["CWE-922"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:qms_automotive:*:*:*:*:*:*:*:*","versionEndExcluding":"12.39","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}