The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.
References
Configurations
No configuration.
History
10 Oct 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Oct 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-08 09:15
Updated : 2024-10-10 12:56
NVD link : CVE-2024-46887
Mitre link : CVE-2024-46887
CVE.ORG link : CVE-2024-46887
JSON object : View
Products Affected
No product.
CWE
CWE-288
Authentication Bypass Using an Alternate Path or Channel