Siemens Opcenter Quality SmartClient Modules LDAP Communication Vulnerability

Vulnerability

A vulnerability exists in Siemens Opcenter Quality SmartClient modules, specifically in Opcenter QL Home (SC), SOA Audit, and SOA Cockpit, all versions from 13.2 up to 2506. The issue arises because these applications do not, by default, encrypt communications over the LDAP interface. This lack of encryption could enable an authenticated attacker to access sensitive information without authorization.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information via the unencrypted LDAP communication.

Remediation

Users are advised to enable secure protocols on the LDAP interface by activating the SSL flag in the configuration and properly setting up the TLS configuration. Additionally, all users, including those in LDAP, should be granted only the minimum necessary privileges.
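
To confirm the remediation on the wire, the following added example (not part of the advisory and not Siemens code) classifies the first client payload of each LDAP connection as LDAPS, StartTLS, or cleartext LDAP. The function names, flow labels and sample payloads are constructed for illustration, and extracting the payloads from a packet capture is assumed to happen elsewhere.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated or malformed element")
    return tag, buf[pos:pos + length], pos + length

def classify_first_payload(data):
    """Label the first client payload of a connection; never returns credential bytes."""
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"            # LDAPS: TLS starts before any LDAP message
    try:
        tag, msg, _ = read_tlv(data, 0)      # LDAPMessage SEQUENCE
        mid_tag, _, pos = read_tlv(msg, 0)   # messageID INTEGER
        if tag != 0x30 or mid_tag != 0x02:
            return "unknown"
        op, body, _ = read_tlv(msg, pos)     # protocolOp
        if op == 0x77:                       # ExtendedRequest [APPLICATION 23]
            name_tag, name, _ = read_tlv(body, 0)
            if name_tag == 0x80 and name == STARTTLS_OID:
                return "starttls-request"    # client upgrades to TLS before binding
        elif op == 0x60:                     # BindRequest [APPLICATION 0]
            _, _, p = read_tlv(body, 0)      # version
            _, _, p = read_tlv(body, p)      # bind DN
            auth, _, _ = read_tlv(body, p)   # 0x80 = simple password, 0xA3 = SASL
            return {0x80: "cleartext-simple-bind", 0xA3: "cleartext-sasl-bind"}.get(auth, "cleartext-ldap-other")
    except (IndexError, ValueError):
        return "unknown"
    return "cleartext-ldap-other"

def tlv(tag, value):  # short-form BER encoder, used only to build the samples below
    return bytes([tag, len(value)]) + value

# Constructed sample payloads, not taken from any real capture.
SAMPLES = {
    "flow-ldaps": b"\x16\x03\x01\x00\x2f\x01" + bytes(46),
    "flow-starttls": tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID))),
    "flow-plain": tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
        + tlv(0x04, b"cn=svc,dc=example,dc=test") + tlv(0x80, b"constructed-secret"))),
}

def flag_unencrypted(samples):  # names of flows that start with LDAP outside TLS
    return sorted(n for n, d in samples.items() if classify_first_payload(d).startswith("cleartext"))
```

After the SSL flag and TLS configuration are in place, `flag_unencrypted` should return an empty list for traffic from the SmartClient hosts. A SASL bind is flagged for review as well, since whether the mechanism adds its own protection layer cannot be determined from the first payload.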

Added: Aug 12, 2025, 1:08 PM
Updated: Aug 12, 2025, 3:28 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 3.5
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.