CVE-2024-46887 MEDIUM

CVE-2024-46887

Vendor Siemens
Product SIMATIC Drive Controller CPU 1504D TF
Weakness CWE-288
Published October 8, 2024
Last update October 21, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.

Key dates

02Disclosure timeline

October 8, 2024 CVE published
October 21, 2025 Record updated