Siemens Opcenter Quality SmartClient Modules TLS Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

A vulnerability exists in Siemens Opcenter Quality SmartClient modules, specifically in Opcenter QL Home (SC), SOA Audit, and SOA Cockpit, all versions from 13.2 up to but not including 2506. The vulnerability arises because these modules support insecure TLS protocols 1.0 and 1.1. This weakness could enable an attacker to conduct a man-in-the-middle attack, compromising the confidentiality and integrity of the data being transmitted.

Impact

Exploitation of this vulnerability could lead to a man-in-the-middle attack, allowing an attacker to intercept and potentially alter data being transmitted between the client and server.

Remediation

Users are advised to disable TLS 1.0 and 1.1 and ensure that TLS 1.2 is enabled if needed. Follow the security guidelines provided in the Opcenter Quality security concept and consult the Siemens operational guidelines for Industrial Security.
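One way to confirm the remediation took effect is to probe the endpoint once per protocol version and check that TLS 1.0 and 1.1 are refused while TLS 1.2 is still accepted. The script below is an added example, not code from Siemens or the Opcenter Quality documentation; the host and port are supplied by the operator on the command line, and the helper names (pinned_context, accepts, assess) are this example's own.

```python
import socket
import ssl
import sys

# Versions the advisory names as insecure, and the one it says to keep enabled.
LEGACY = {"TLSv1.0": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1}
KEEP = {"TLSv1.2": ssl.TLSVersion.TLSv1_2}

def pinned_context(version):
    """Client context able to negotiate exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # audit probe: tests protocol support,
    ctx.verify_mode = ssl.CERT_NONE  # not server identity
    # Many OpenSSL builds block TLS 1.0/1.1 at the default security level;
    # lower it so the probe itself can offer them.
    ctx.set_ciphers("ALL:@SECLEVEL=0")
    ctx.minimum_version = version    # set min before max to keep min <= max
    ctx.maximum_version = version
    return ctx

def accepts(host, port, version, timeout=5.0):
    """True: handshake completed; False: refused; None: endpoint unreachable."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        with pinned_context(version).wrap_socket(sock, server_hostname=host) as tls:
            return tls.version() is not None
    except (ssl.SSLError, OSError):
        return False
    finally:
        sock.close()

def assess(results):
    """Map {version name: True/False/None} to findings per the remediation."""
    findings = [f"{n}: endpoint unreachable, result inconclusive"
                for n, ok in results.items() if ok is None]
    findings += [f"{n} still accepted: disable it"
                 for n in LEGACY if results.get(n) is True]
    if results.get("TLSv1.2") is False:
        findings.append("TLSv1.2 not accepted: enable it if clients need it")
    return findings

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])  # an endpoint you operate
    results = {n: accepts(host, port, v) for n, v in {**LEGACY, **KEEP}.items()}
    print("\n".join(assess(results)) or "TLS 1.0/1.1 refused, TLS 1.2 accepted")
```

Run it against the server before and after the configuration change; an empty findings list means the endpoint matches the remediation above.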

Added: Aug 12, 2025, 12:58 PM
Updated: Aug 12, 2025, 3:19 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 4.2
remediation: 7.9
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.