CVE-2024-41985

Summary

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle.

Affected Software

VendorProductVersion RangeStatus
SiemensSmartClient modules Opcenter QL Home (SC)V13.2 < V2506affected
SiemensSOA AuditV13.2 < V2506affected
SiemensSOA CockpitV13.2 < V2506affected

Weaknesses

  • CWE-613: CWE-613: Insufficient Session Expiration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References