CVE-2024-41979
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-10-23
Assigner: Siemens AG
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | opcenter_quality | 13.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain SmartClient modules (Opcenter QL Home, SOA Audit, SOA Cockpit) versions from V13.2 up to but not including V2506. The issue is that the application does not enforce mandatory authorization checks on some functionality at the server side. As a result, an authenticated attacker with limited privileges could exploit this flaw to gain complete access to the application.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an authenticated attacker to bypass authorization controls and gain full access to the affected application. This means the attacker could potentially view, modify, or delete sensitive data and perform any actions within the application, leading to significant security risks.