Siemens Opcenter Quality SmartClient Modules Error Handling Vulnerability

A vulnerability exists in Siemens Opcenter Quality SmartClient modules, specifically in Opcenter QL Home (SC), SOA Audit, and SOA Cockpit, all versions from 13.2 up to but not including 2506. The vulnerability arises because the application improperly manages errors when trying to access unavailable resources, which can lead to unintended exposure of system applications.

Impact

Exploitation of this vulnerability could result in unauthorized exposure of system applications.

Remediation

Users are advised to update to the latest version of Siemens Opcenter Quality. Specific hardening measures include securing the operating system and IIS, hiding the IIS version, limiting file access to only necessary extensions, and disabling unsecure protocols such as SSL v2, SSL v3, TLS 1.0, and TLS 1.1. Following the general security recommendations and the product's security concept is also recommended.