LDAP Info Disclosure inClient (Modules) v13.2+ pre-2506
CVE-2024-41980 Published on August 12, 2025

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.

NVD

Weakness Type

Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission. The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.

Affected Versions

Siemens SmartClient modules Opcenter QL Home (SC):

Version V13.2 and below V2506 is affected.

Siemens SOA Audit:

Version V13.2 and below V2506 is affected.

Siemens SOA Cockpit:

Version V13.2 and below V2506 is affected.

Exploit Probability

EPSS

0.02%

Percentile

3.64%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

LDAP Info Disclosure inClient (Modules) v13.2+ pre-2506CVE-2024-41980 Published on August 12, 2025

Weakness Type

Missing Encryption of Sensitive Data

Affected Versions

Exploit Probability

LDAP Info Disclosure inClient (Modules) v13.2+ pre-2506
CVE-2024-41980 Published on August 12, 2025