CVE-2024-46887 Information

Description

The web server of affected devices do not properly authenticate user request to the ‘/ClientArea/RuntimeInfoData.mwsl’ endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.

Reference

https://cert-portal.siemens.com/productcert/html/ssa-054046.html