CVE-2024-46886 MEDIUM

Vendor Siemens
Product SIMATIC Drive Controller CPU 1504D TF
Weakness CWE-601 · Open redirect
Published October 8, 2024
Last update October 14, 2025

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01 Description

The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

Key dates

02 Disclosure timeline

October 8, 2024 CVE published
October 14, 2025 Record updated