Critical Vulnerability Information

Vulnerability Overview

- Advisory ID: SSA-382999
- Release Date: 2025-06-12
- Current Version: V1.0
- CVSS v3.1 Base Score: 7.2
- CVSS v4.0 Base Score: 7.5

Affected Products

- Product: Opcenter Quality
- Affected Versions: All versions prior to V2506

Vulnerability Descriptions

1. CVE-2024-41879
   - Issue: The application does not enforce fine-grained authorization at certain functional levels, allowing authenticated attackers to gain full access to the application.
   - CVSS Score: v3.1: 7.1, v4.0: 8.0
   - CWE: CWE-863: Incorrect Authorization

2. CVE-2024-41980
   - Issue: The application does not encrypt LDAP interface communications, allowing unauthenticated attackers to obtain sensitive information.
   - CVSS Score: v3.1: 5.3, v4.0: 6.0
   - CWE: CWE-311: Missing Encryption of Sensitive Data

3. CVE-2024-41882
   - Issue: The application does not adequately encrypt sensitive information, allowing authenticated attackers to access sensitive data.
   - CVSS Score: v3.1: 4.8, v4.0: 5.6
   - CWE: CWE-311: Missing Encryption of Sensitive Data

4. CVE-2024-41884
   - Issue: The application exposes SQL statements in error messages, leading to sensitive information leakage.
   - CVSS Score: v3.1: 3.5, v4.0: 4.0
   - CWE: CWE-209: Generation of Error Message Containing Sensitive Information

5. CVE-2024-41886
   - Issue: The application improperly handles write access and irreversible operations, resulting in exposure of system applications.
   - CVSS Score: v3.1: 2.6, v4.0: 2.1
   - CWE: CWE-209: Generation of Error Message Containing Sensitive Information

6. CVE-2024-41888
   - Issue: The application does not log out sessions after timeout, allowing attackers to gain unauthorized access during session inactivity.
   - CVSS Score: v3.1: 2.6, v4.0: 2.1
   - CWE: CWE-613: Insufficient Session Expiration

7. CVE-2024-41986
   - Issue: The application supports insecure TLS 1.0 and 1.1 protocols, which attackers may exploit via man-in-the-middle attacks to compromise data confidentiality and integrity.
   - CVSS Score: v3.1: 8.4, v4.0: 6.1
   - CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm