CVE-2024-31486 MEDIUM

CVE-2024-31486

Vendor Siemens
Product OPUPI0 AMQP/MQTT
Weakness CWE-312 · Cleartext storage
Published May 14, 2024
Last update November 3, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss.

Key dates

02Disclosure timeline

May 14, 2024 CVE published
November 3, 2025 Record updated