CVE-2024-41980
LOWDescription
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| siemens | opcenter_quality |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-41980? +
How severe is CVE-2024-41980? +
What products are affected by CVE-2024-41980? +
How do I check if I'm vulnerable to CVE-2024-41980? +
Related Vulnerabilities
The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy …
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the …
Sensitive customer information is stored in the device without encryption.
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT …
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2.
Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to …