← Voltar para CVEs
CVE-2024-41980
LOW3.1
Descricao
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.
Detalhes CVE
Pontuacao CVSS v3.13.1
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
Vetor de ataqueADJACENT_NETWORK
ComplexidadeHIGH
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado8/12/2025
Ultima modificacao10/23/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
siemens:opcenter_quality
Fraquezas (CWE)
CWE-311
Referencias
https://cert-portal.siemens.com/productcert/html/ssa-382999.html(productcert@siemens.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.