CVE-2023-40727

Name of the Vulnerable Software and Affected Versions QMS Automotive versions prior to V12.39

Description A vulnerability has been identified in the QMS.Mobile module of QMS Automotive, which uses a weak and outdated application signing mechanism. This could allow an attacker to tamper with the application code. The issue is related to incorrect cryptographic signature verification, which may enable an attacker to forge the application code.

Recommendations For versions prior to V12.39, update to version V12.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the QMS.Mobile module to minimize the risk of exploitation.