CVE-2024-41986

Summary

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.

Affected Software

VendorProductVersion RangeStatus
SiemensSmartClient modules Opcenter QL Home (SC)V13.2 < V2506affected
SiemensSOA AuditV13.2 < V2506affected
SiemensSOA CockpitV13.2 < V2506affected

Weaknesses

  • CWE-327: CWE-327: Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References