Home

Description

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application.

PUBLISHED Reserved 2024-07-25 | Published 2025-08-12 | Updated 2025-08-12 | Assigner siemens




HIGH: 7.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
HIGH: 7.5CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-863: Incorrect Authorization

Product status

Default status
unknown

V13.2 before V2506
affected

Default status
unknown

V13.2 before V2506
affected

Default status
unknown

V13.2 before V2506
affected

References

cert-portal.siemens.com/productcert/html/ssa-382999.html

cve.org (CVE-2024-41979)

nvd.nist.gov (CVE-2024-41979)

Download JSON