CVE-2024-46887
CVSS V2 None
CVSS V3 None
Description
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.
Overview
- CVE ID
- CVE-2024-46887
- Assigner
- siemens
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-08T08:40:43.510Z
- Last Modified Date
- 2024-10-08T08:40:43.510Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-054046.html |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-46887 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46887 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-09 13:11:19 | Added to TrackCVE |