CVE-2024-41979 — Incorrect Authorization in Siemens Smartclient Modules Opcenter QL Home

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 95.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Smartclient Modules Opcenter QL Home Siemens SOA Audit Siemens SOA Cockpit +1 more

Timeline

PublishedAug 12

Description

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 = V13.2 = V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application.

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5siemens/smartclient_modules_opcenter_ql_homeV13.2 — V2506

▶NVDsiemens/opcenter_quality13.2

▶CVEListV5siemens/soa_auditV13.2 — V2506

▶CVEListV5siemens/soa_cockpitV13.2 — V2506

🔴Vulnerability Details

CVEList

CVE-2024-41979: A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13↗2025-08-12

▶

GHSA

GHSA-xppg-xx55-6rw5: A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13↗2025-08-12

▶