← Voltar para CVEs
CVE-2024-41985
LOW2.6
Descricao
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle.
Detalhes CVE
Pontuacao CVSS v3.12.6
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Vetor de ataqueADJACENT_NETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado8/12/2025
Ultima modificacao10/22/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
siemens:opcenter_quality
Fraquezas (CWE)
CWE-613
Referencias
https://cert-portal.siemens.com/productcert/html/ssa-382999.html(productcert@siemens.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.