| |
Podatność CVE-2024-46887
Publikacja: 2024-10-08
| Opis: |
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load. |
Typ:
CWE-288 (Authentication Bypass Using an Alternate Path or Channel)
Referencje: |
https://cert-portal.siemens.com/productcert/html/ssa-054046.html
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
Polish
English