Vulnerability CVE-2024-46887


Published: 2024-10-08

Description:
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.

Type:

CWE-288

(Authentication Bypass Using an Alternate Path or Channel)

 References:
https://cert-portal.siemens.com/productcert/html/ssa-054046.html

Copyright 2024, cxsecurity.com

 

Back to Top