Vulnerabilites related to Siemens - SOA Audit
CVE-2024-41980 (GCVE-0-2024-41980)
Vulnerability from cvelistv5
Published
2025-08-12 11:16
Modified
2025-08-12 15:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Summary
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | SmartClient modules Opcenter QL Home (SC) |
Version: V13.2 < V2506 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:53:40.030449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:54:00.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartClient modules Opcenter QL Home (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Audit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:16:35.999Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41980",
"datePublished": "2025-08-12T11:16:35.999Z",
"dateReserved": "2024-07-25T12:46:30.322Z",
"dateUpdated": "2025-08-12T15:54:00.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41979 (GCVE-0-2024-41979)
Vulnerability from cvelistv5
Published
2025-08-12 11:16
Modified
2025-08-12 15:54
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.5 (High) - CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | SmartClient modules Opcenter QL Home (SC) |
Version: V13.2 < V2506 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:54:24.954678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:54:33.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartClient modules Opcenter QL Home (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Audit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:16:34.660Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41979",
"datePublished": "2025-08-12T11:16:34.660Z",
"dateReserved": "2024-07-25T12:46:30.321Z",
"dateUpdated": "2025-08-12T15:54:33.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41982 (GCVE-0-2024-41982)
Vulnerability from cvelistv5
Published
2025-08-12 11:16
Modified
2025-08-12 15:53
Severity ?
4.8 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
5.9 (Medium) - CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
5.9 (Medium) - CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Summary
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | SmartClient modules Opcenter QL Home (SC) |
Version: V13.2 < V2506 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:53:08.764312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:53:21.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartClient modules Opcenter QL Home (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Audit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:16:37.292Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41982",
"datePublished": "2025-08-12T11:16:37.292Z",
"dateReserved": "2024-07-25T12:46:30.322Z",
"dateUpdated": "2025-08-12T15:53:21.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41984 (GCVE-0-2024-41984)
Vulnerability from cvelistv5
Published
2025-08-12 11:16
Modified
2025-08-12 19:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | SmartClient modules Opcenter QL Home (SC) |
Version: V13.2 < V2506 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:32:49.960577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:33:52.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartClient modules Opcenter QL Home (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Audit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 2.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:16:39.989Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41984",
"datePublished": "2025-08-12T11:16:39.989Z",
"dateReserved": "2024-07-25T12:46:30.322Z",
"dateUpdated": "2025-08-12T19:33:52.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41983 (GCVE-0-2024-41983)
Vulnerability from cvelistv5
Published
2025-08-12 11:16
Modified
2025-08-12 19:47
Severity ?
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.1 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.1 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | SmartClient modules Opcenter QL Home (SC) |
Version: V13.2 < V2506 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:45:04.629537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:47:22.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartClient modules Opcenter QL Home (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Audit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:16:38.616Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41983",
"datePublished": "2025-08-12T11:16:38.616Z",
"dateReserved": "2024-07-25T12:46:30.322Z",
"dateUpdated": "2025-08-12T19:47:22.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41986 (GCVE-0-2024-41986)
Vulnerability from cvelistv5
Published
2025-08-12 11:16
Modified
2025-08-12 19:16
Severity ?
6.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
6.1 (Medium) - CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
6.1 (Medium) - CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Summary
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | SmartClient modules Opcenter QL Home (SC) |
Version: V13.2 < V2506 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:16:25.144706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:16:56.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartClient modules Opcenter QL Home (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Audit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:16:42.595Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41986",
"datePublished": "2025-08-12T11:16:42.595Z",
"dateReserved": "2024-07-25T12:46:30.322Z",
"dateUpdated": "2025-08-12T19:16:56.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41985 (GCVE-0-2024-41985)
Vulnerability from cvelistv5
Published
2025-08-12 11:16
Modified
2025-08-12 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | SmartClient modules Opcenter QL Home (SC) |
Version: V13.2 < V2506 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:24:10.939392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:25:28.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartClient modules Opcenter QL Home (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Audit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SOA Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506",
"status": "affected",
"version": "V13.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 2.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:16:41.301Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41985",
"datePublished": "2025-08-12T11:16:41.301Z",
"dateReserved": "2024-07-25T12:46:30.322Z",
"dateUpdated": "2025-08-12T19:25:28.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}