CVE-2024-41979 HIGH

CVE-2024-41979

Vendor Siemens

Product SmartClient modules Opcenter QL Home (SC)

Weakness CWE-863 · Incorrect authorization

Published August 12, 2025

Last update August 12, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Adjacent

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application.

Key dates

02Disclosure timeline

August 12, 2025 CVE published

August 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-41979

Related vulnerabilities

Identifiers

CVE CVE-2024-41979

CWE CWE-863

CVSS 7.1 / HIGH

Affected versions

Vendor Siemens

Product SmartClient modules Opcenter QL Home (SC)

Affected ≥ V13.2 and < V2506

Vendor Siemens

Product SOA Audit

Affected ≥ V13.2 and < V2506

Vendor Siemens

Product SOA Cockpit

Affected ≥ V13.2 and < V2506

CVE-2024-41979

01Description

02Disclosure timeline

03References

04Related CVE