Siemens Opcenter Quality SmartClient Modules Session Management Vulnerability

Vulnerability

A session management vulnerability has been identified in Siemens Opcenter Quality SmartClient modules, specifically in Opcenter QL Home (SC), SOA Audit, and SOA Cockpit, all versions prior to V2506. The vulnerability arises because the application does not properly expire sessions after a period of inactivity, potentially allowing unauthorized access if a session is left idle.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the application by taking advantage of an idle session.

Remediation

Siemens has released new versions for the affected products and recommends updating to the latest versions. Specific workarounds include operating the SmartClient in a secured network and context, following the hardening instructions mentioned in the product's security concept, and ensuring that all users are given the least privileges required.

Added: Aug 12, 2025, 1:00 PM
Updated: Aug 12, 2025, 3:20 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 5.0
exploitability: 6.3
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.