SSA-382999

Siemens Security Advisory by Siemens ProductCERT

SSA-382999: Multiple Vulnerabilities in Opcenter Quality Before V2506

Publication Date:	2025-08-12
Last Update:	2025-08-12
Current Version:	V1.0
CVSS v3.1 Base Score:	7.1
CVSS v4.0 Base Score:	7.5

SUMMARY

The Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home (SC), SOA Audit and SOA Cockpit.

Siemens has released new versions for the affected products and recommends to update to the latest versions.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
Opcenter Quality	Show more details
SmartClient modules Opcenter QL Home (SC) All versions >= V13.2 < V2506 affected by all CVEs CVE-2024-41979 CVE-2024-41980 CVE-2024-41982 CVE-2024-41983 CVE-2024-41984 CVE-2024-41985 CVE-2024-41986	Update to V2506 or later version https://support.sw.siemens.com/product/249261320/ See further recommendations from section Workarounds and Mitigations
SOA Audit All versions >= V13.2 < V2506 affected by all CVEs CVE-2024-41979 CVE-2024-41980 CVE-2024-41982 CVE-2024-41983 CVE-2024-41984 CVE-2024-41985 CVE-2024-41986	Update to V2506 or later version https://support.sw.siemens.com/product/249261320/ See further recommendations from section Workarounds and Mitigations
SOA Cockpit All versions >= V13.2 < V2506 affected by all CVEs CVE-2024-41979 CVE-2024-41980 CVE-2024-41982 CVE-2024-41983 CVE-2024-41984 CVE-2024-41985 CVE-2024-41986	Update to V2506 or later version https://support.sw.siemens.com/product/249261320/ See further recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

CVE-2024-41979:

Remove all tools giving possibility to call SOAP-services outside from the SmartClient

The hardening instructions mentioned in the products security concept should be followed

The SmartClient should be operated in a secured network and context only

CVE-2024-41980:

All the users (including in LDAP) should be given the least privileges required

Harden LDAP-interface secure protocols by enabling the SSL-flag on configuration and a proper setup of your TLS-configuration

CVE-2024-41982: Limit the permission to access those fields using the least privilege strategy
CVE-2024-41983:

Do not use original table structures and accounts for reporting. Create your own reporting accounts which have access via synonyms forwarding on views representing access to result-sets the user may use for evaluation

Harden your IIS

Limit the information to prevent to the end-user based on the need-to-know-principle to the minimum possible information

Prevent any scanning of structures and configurations

Use DB-tools to limit load on productive systems for reporting accounts or use offline systems for reporting

CVE-2024-41984:

Hardening of the solution, including the OS and IIS, is required, with specific measures such as hiding the IIS version to enhance security

Users should not have the possibility to scan folders and extensions of files allowed to open should be limited to the required one

CVE-2024-41986:

Disable all protocols (SSL v2/v3, TLS 1.0, TLS 1.1) the solution should not use.

Ensure, TLS 1.2 is enabled if you plan to use TLS 1.2.

Follow the instructions of the security concept of Opcenter Quality and vendors.

Product-specific remediations or mitigations can be found in the section Known Affected Products.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

Opcenter Quality is a quality management system (QMS) that enables organizations to safeguard compliance, optimize quality, reduce defect and rework costs and achieve operational excellence by increasing process stability. The integrated process capabilities (control charts, statistics, quality gates) can detect production errors to avoid further processing and shipment of nonconforming material.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-41979

The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application.

CVSS v3.1 Base Score	7.1
CVSS v3.1 Vector	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score	7.5
CVSS v4.0 Vector	CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE	CWE-863: Incorrect Authorization

Vulnerability CVE-2024-41980

The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.

CVSS v3.1 Base Score	3.1
CVSS v3.1 Vector	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
CVSS v4.0 Base Score	2.0
CVSS v4.0 Vector	CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CWE	CWE-311: Missing Encryption of Sensitive Data

Vulnerability CVE-2024-41982

The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information.

CVSS v3.1 Base Score	4.8
CVSS v3.1 Vector	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CVSS v4.0 Base Score	5.9
CVSS v4.0 Vector	CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CWE	CWE-311: Missing Encryption of Sensitive Data

Vulnerability CVE-2024-41983

The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool.

CVSS v3.1 Base Score	3.5
CVSS v3.1 Vector	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0 Base Score	5.1
CVSS v4.0 Vector	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CWE	CWE-209: Generation of Error Message Containing Sensitive Information

Vulnerability CVE-2024-41984

The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications.

CVSS v3.1 Base Score	2.6
CVSS v3.1 Vector	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS v4.0 Base Score	2.1
CVSS v4.0 Vector	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CWE	CWE-209: Generation of Error Message Containing Sensitive Information

Vulnerability CVE-2024-41985

The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle.

CVSS v3.1 Base Score	2.6
CVSS v3.1 Vector	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS v4.0 Base Score	2.1
CVSS v4.0 Vector	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CWE	CWE-613: Insufficient Session Expiration

Vulnerability CVE-2024-41986

The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.

CVSS v3.1 Base Score	6.4
CVSS v3.1 Vector	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS v4.0 Base Score	6.1
CVSS v4.0 Vector	CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-08-12):

Publication Date

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.