Siemens Soa Audit vulnerabilities

7 known vulnerabilities affecting siemens/soa_audit.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3, LOW 3

Vulnerabilities

CVE-2024-41979 | HIGH | CVSS 7.5 | ≥ V13.2, < V2506 | 2025-08-12
CWE-863: A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access to the application.
cvelistv5, nvd

CVE-2024-41983 | MEDIUM | CVSS 5.1 | ≥ V13.2, < V2506 | 2025-08-12
CWE-209: A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506). The affected application displays SQL statements in the error messages encountered during the generation of reports using the Cockpit tool.
cvelistv5, nvd

CVE-2024-41986 | MEDIUM | CVSS 6.1 | ≥ V13.2, < V2506 | 2025-08-12
CWE-327: A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506). The affected application supports the insecure TLS 1.0 and 1.1 protocols. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
cvelistv5, nvd

CVE-2024-41982 | MEDIUM | CVSS 5.9 | ≥ V13.2, < V2506 | 2025-08-12
CWE-311: A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access to sensitive information.
cvelistv5, nvd

CVE-2024-41980 | LOW | CVSS 2.0 | ≥ V13.2, < V2506 | 2025-08-12
CWE-311: A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506). The affected application does not encrypt the communication in the LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.
cvelistv5, nvd

CVE-2024-41985 | LOW | CVSS 2.1 | ≥ V13.2, < V2506 | 2025-08-12
CWE-613: A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle.
cvelistv5, nvd

CVE-2024-41984 | LOW | CVSS 2.1 | ≥ V13.2, < V2506 | 2025-08-12
CWE-209: A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506). The affected application improperly handles errors while accessing an inaccessible resource, leading to exposing the system applications.
cvelistv5, nvd