CVE-2024-41980

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.5 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-382999.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:opcenter_quality:13.2:*:*:*:*:*:*:*

History

23 Oct 2025, 13:42

Type	Values Removed	Values Added
First Time		Siemens Siemens opcenter Quality
CPE		cpe:2.3:a:siemens:opcenter_quality:13.2:::::::*
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-382999.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-382999.html - Vendor Advisory
Summary		(es) Se ha identificado una vulnerabilidad en los módulos SmartClient Opcenter QL Home (SC) (todas las versiones >= V13.2 < V2506), SOA Audit (todas las versiones >= V13.2 < V2506) y SOA Cockpit (todas las versiones >= V13.2 < V2506). La aplicación afectada no cifra la comunicación en la interfaz LDAP por defecto. Esto podría permitir que un atacante autenticado obtenga acceso no autorizado a información confidencial.

12 Aug 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-12 12:15

Updated : 2025-10-23 13:42

NVD link : CVE-2024-41980

Mitre link : CVE-2024-41980

CVE.ORG link : CVE-2024-41980

JSON object : View

Products Affected

siemens

opcenter_quality

CWE

CWE-311

Missing Encryption of Sensitive Data

{"id": "CVE-2024-41980", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.0, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-12T12:15:32.213", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en los m\u00f3dulos SmartClient Opcenter QL Home (SC) (todas las versiones >= V13.2 < V2506), SOA Audit (todas las versiones >= V13.2 < V2506) y SOA Cockpit (todas las versiones >= V13.2 < V2506). La aplicaci\u00f3n afectada no cifra la comunicaci\u00f3n en la interfaz LDAP por defecto. Esto podr\u00eda permitir que un atacante autenticado obtenga acceso no autorizado a informaci\u00f3n confidencial."}], "lastModified": "2025-10-23T13:42:03.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:opcenter_quality:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "238C890D-8EBF-4378-B887-89AED294F983"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}