CVE-2023-40729

Name of the Vulnerable Software and Affected Versions QMS Automotive versions prior to V12.39

Description A vulnerability has been identified in the affected application, which lacks security control to prevent unencrypted communication without HTTPS. This could allow an attacker who gains a machine-in-the-middle position to manipulate or steal confidential information. The issue is related to the transmission of data in an open manner, potentially enabling a remote attacker to perform a man-in-the-middle (MITM) attack.

Recommendations For versions prior to V12.39, consider implementing HTTPS to encrypt communication and prevent manipulation or theft of confidential information. As a temporary workaround, restrict access to sensitive data until a secure version is available.