Auth Bypass RCE in SmartClient Opcenter QL Home v13.2-<v2506
CVE-2024-41979 Published on August 12, 2025
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2024-41979 has been classified to as an AuthZ vulnerability or weakness.
Affected Versions
Siemens SmartClient modules Opcenter QL Home (SC):- Version V13.2 and below V2506 is affected.
- Version V13.2 and below V2506 is affected.
- Version V13.2 and below V2506 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.