SSA-788287 — Vulnetix

SSA-788287 PUBLISHED CVSS 10 CRITICAL

Due to SmartClient Installation technology (ClickOnce) a customer/integrator needs to create a customer specific Smartclient installer. The mentioned products delivered a trusted but yet expired codesigning certificate. An attacker could have exploited the vulnerability by spoofing the code-signing certificate and signing a malicious executable resulting in having a trusted digital signature from a trusted provider. The certificate was revoked immediately.

Risk Scores

CVSS v3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C

Affected Products

Vendor	Product	Versions
	Opcenter Quality
	QMS Automotive

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-788287.txt advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-788287.json advisory

Open in Interactive Console →