Unauthenticated Remote Attacker Could Gain Knowledge of Current Cycle Times and Communication Load
CVE-2024-46887

6.9MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Drive Controller Cpu 1504d Tf; Simatic Drive Controller Cpu 1507d Tf; Simatic Et 200sp Cpu 1510sp F-1 Pn; Simatic Et 200sp Cpu 1510sp-1 Pn
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-46887?

The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SIMATIC Drive Controller CPU 1504D TF 0

SIMATIC Drive Controller CPU 1507D TF 0

SIMATIC ET 200SP CPU 1510SP F-1 PN 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0540...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 12, 2024

JSON

Siemens

What is CVE-2024-46887?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.