CVE-2024-41979

Summary

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application.

Affected Software

VendorProductVersion RangeStatus
SiemensSmartClient modules Opcenter QL Home (SC)V13.2 < V2506affected
SiemensSOA AuditV13.2 < V2506affected
SiemensSOA CockpitV13.2 < V2506affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References