CVE-2024-46887

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: Oct 8, 2024 / Updated: 40d ago

010
CVSS 6.9EPSS 0.04%Medium
CVE info copied to clipboard

The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-46887. See article

Oct 8, 2024 at 9:58 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 8, 2024 at 9:59 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 9, 2024 at 10:29 AM
CVSS

A CVSS base score of 5.3 has been assigned.

Oct 10, 2024 at 1:00 PM / nvd
Threat Intelligence Report

CVE-2024-46887 is a vulnerability with a CVSS v3 base score of 5.3 and a CVSS v4 base score of 6.9, indicating a moderate level of criticality. The provided information does not specify whether it is actively exploited in the wild, nor does it mention any proof-of-concept exploits, mitigations, detections, patches, or downstream impacts to third-party vendors or technology. Further investigation would be necessary to assess the full context and implications of this vulnerability. See article

Oct 10, 2024 at 3:03 PM
Static CVE Timeline Graph

Affected Systems

Siemens/simatic_s7-1500_cpu_firmware
+null more

Links to Mitre Att&cks

T1083: File and Directory Discovery
+null more

Attack Patterns

CAPEC-127: Directory Indexing
+null more

References

Siemens SIMATIC S7-1500 CPUs
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain knowledge about actual and configured maximum cycle times and communication load of the CPU.

News

Siemens SIMATIC S7-1500 CPUs Unauthenticated Information Disclosure in Web Server (CVE-2024-46887)
The remote OT asset is affected by a vulnerability. Tenable OT Security Plugin ID 502652 with Medium Severity
Siemens SIMATIC S7-1500 CPUs
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain knowledge about actual and configured maximum cycle times and communication load of the CPU.
CVE-2024-46887
Medium Severity Description The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load. Read more at https://www.tenable.com/cve/CVE-2024-46887
CVE-2024-46887 | Siemens SIMATIC Drive Controller CPU 1504D TF Web Server RuntimeInfoData.mwsl authentication bypass (ssa-054046)
A vulnerability was found in Siemens SIMATIC Drive Controller CPU 1504D TF, SIMATIC Drive Controller CPU 1507D TF, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513pro F-2 PN, SIMATIC S7-1500 CPU 1513pro-2 PN, SIMATIC S7-1500 CPU 1514SP F-2 PN, SIMATIC S7-1500 CPU 1514SP-2 PN, SIMATIC S7-1500 CPU 1514SPT F-2 PN, SIMATIC S7-1500 CPU 1514SPT-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN, DP, SIMATIC S7-1500 CPU 1516F-3 PN, SIMATIC S7-1500 CPU 1516pro F-2 PN, SIMATIC S7-1500 CPU 1516pro-2 PN, SIMATIC S7-1500 CPU 1516T-3 PN, SIMATIC S7-1500 CPU 1516TF-3 PN, SIMATIC S7-1500 CPU 1517-3 PN, SIMATIC S7-1500 CPU 1517F-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN, SIMATIC S7-1500 CPU 1517TF-3 PN, SIMATIC S7-1500 CPU 1518-4 PN, DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN, SIMATIC S7-1500 CPU 1518TF-4 PN, SIMATIC S7-1500 CPU S7-1518-4 PN, DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller V2, SIMATIC S7-1500 Software Controller V3, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1516-3 PN, DP RAIL, DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN, SIPLUS S7-1500 CPU 1518-4 PN and SIPLUS S7-1500 CPU 1518F-4 PN . It has been classified as critical . This affects an unknown part of the file /ClientArea/RuntimeInfoData.mwsl of the component Web Server . The manipulation leads to authentication bypass using alternate channel. This vulnerability is uniquely identified as CVE-2024-46887 .
SIEMENS SIMATIC DRIVE CONTROLLER CPU 1504D TF SIMATIC DRIVE CONTROLLER CPU 1507D TF SIMATIC ET 200SP OPEN CONTROLLER CPU 1515SP PC2 (INCL. SIPLUS VARIANTS) SIMATIC S7-1500 CPU 1510SP F-1 PN SIMATIC S7-1500 CPU 1510SP-1 PN SIMATIC S7-1500 CPU 1511-1 PN SIMATIC S7-1500 CPU 1511C-1 PN SIMATIC S7-1500 CPU 1511F-1 PN SIMATIC S7-1500 CPU 1511T-1 PN SIMATIC S7-1500 CPU 1511TF-1 PN SIMATIC S7-1500 CPU 1512C-1 PN SIMATIC S7-1500 CPU 1512SP F-1 PN SIMATIC S7-1500 CPU 1512SP-1 PN SIMATIC S7-1500 CPU 1513-1 PN SIMATIC S7-1500 CPU 1513F-1 PN SIMATIC S7-1500 CPU 1513PRO F-2 PN SIMATIC S7-1500 CPU 1513PRO-2 PN SIMATIC S7-1500 CPU 1514SP F-2 PN SIMATIC S7-1500 CPU 1514SP-2 PN SIMATIC S7-1500 CPU 1514SPT F-2 PN SIMATIC S7-1500 CPU 1514SPT-2 PN SIMATIC S7-1500 CPU 1515-2 PN SIMATIC S7-1500 CPU 1515F-2 PN SIMATIC S7-1500 CPU 1515T-2 PN SIMATIC S7-1500 CPU 1515TF-2 PN SIMATIC S7-1500 CPU 1516-3 PN/DP SIMATIC S7-1500 CPU 1516F-3 PN/DP SIMATIC S7-1500 CPU 1516PRO F-2 PN SIMATIC S7-1500 CPU 1516PRO-2 PN SIMATIC S7-1500 CPU 1516T-3 PN/DP SIMATIC S7-1500 CPU 1516TF-3 PN/DP SIMATIC S7-1500 CPU 1517-3 PN/DP SIMATIC S7-1500 CPU 1517F-3 PN/DP SIMATIC S7-1500 CPU 1517T-3 PN/DP SIMATIC S7-1500 CPU 1517TF-3 PN/DP SIMATIC S7-1500 CPU 1518-4 PN/DP SIMATIC S7-1500 CPU 1518-4 PN/DP MFP SIMATIC S7-1500 CPU 1518F-4 PN/DP SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP SIMATIC S7-1500 CPU 1518T-4 PN/DP SIMATIC S7-1500 CPU 1518TF-4 PN/DP SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK SIMATIC S7-1500 ET 200PRO: CPU 1513PRO F-2 PN SIMATIC S7-1500 ET 200PRO: CPU 1513PRO-2 PN SIMATIC S7-1500 ET 200PRO: CPU 1516PRO F-2 PN SIMATIC S7-1500 ET 200PRO: CPU 1516PRO-2 PN SIMATIC S7-1500 SOFTWARE CONTROLLER V2 SIMATIC S7-1500 SOFTWARE CONTROLLER V3 SIMATIC S7-PLCSIM ADVANCED SIPLUS ET 200SP CPU 1510SP F-1 PN SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL SIPLUS ET 200SP CPU 1510SP-1 PN SIPLUS ET 200SP CPU 1510SP-1 PN RAIL SIPLUS ET 200SP CPU 1512SP F-1 PN SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL SIPLUS ET 200SP CPU 1512SP-1 PN SIPLUS ET 200SP CPU 1512SP-1 PN RAIL SIPLUS S7-1500 CPU 1511-1 PN SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL SIPLUS S7-1500 CPU 1511-1 PN TX RAIL SIPLUS S7-1500 CPU 1511F-1 PN SIPLUS S7-1500 CPU 1513-1 PN SIPLUS S7-1500 CPU 1513F-1 PN SIPLUS S7-1500 CPU 1515F-2 PN SIPLUS S7-1500 CPU 1515F-2 PN RAIL SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL SIPLUS S7-1500 CPU 1516-3 PN/DP SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL SIPLUS S7-1500 CPU 1516F-3 PN/DP SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL SIPLUS S7-1500 CPU 1518-4 PN/DP SIPLUS S7-1500 CPU 1518-4 PN/DP MFP SIPLUS S7-1500 CPU 1518F-4 PN/DP CVE-2024-46887 CVE-2024-46887 The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load. https://www. cve.org/CVERecord?id=CVE-2024- 46887 https:// cert-portal.siemens.com/produc tcert/html/ssa-054046.html # Siemens # SIMATICDriveControllerCPU1504DTF # SIMATICDriveControllerCPU1507DTF # SIMATICET200SPOpenControllerCPU1515SPPC2 (incl.SIPLUSvariants) # SIMATICS7 -1500CPU1510SPF-1PN # SIMATICS7 -1500CPU1510SP-1PN # SIMATICS7 -1500CPU1511-1PN # SIMATICS7 -1500CPU1511C-1PN # SIMATICS7 -1500CPU1511F-1PN # SIMATICS7 -1500CPU1511T-1PN # SIMATICS7 -1500CPU1511TF-1PN # SIMATICS7 -1500CPU1512C-1PN # SIMATICS7 -1500CPU1512SPF-1PN # SIMATICS7 -1500CPU1512SP-1PN # SIMATICS7 -1500CPU1513-1PN # SIMATICS7 -1500CPU1513F-1PN # SIMATICS7 -1500CPU1513proF-2PN # SIMATICS7 -1500CPU1513pro-2PN # SIMATICS7 -1500CPU1514SPF-2PN # SIMATICS7 -1500CPU1514SP-2PN # SIMATICS7 -1500CPU1514SPTF-2PN # SIMATICS7 -1500CPU1514SPT-2PN # SIMATICS7 -1500CPU1515-2PN # SIMATICS7 -1500CPU1515F-2PN # SIMATICS7 -1500CPU1515T-2PN # SIMATICS7 -1500CPU1515TF-2PN # SIMATICS7 -1500CPU1516-3PN/DP # SIMATICS7 -1500CPU1516F-3PN/DP # SIMATICS7 -1500CPU1516proF-2PN # SIMATICS7 -1500CPU1516pro-2PN # SIMATICS7 -1500CPU1516T-3PN/DP # SIMATICS7 -1500CPU1516TF-3PN/DP # SIMATICS7 -1500CPU1517-3PN/DP # SIMATICS7 -1500CPU1517F-3PN/DP # SIMATICS7 -1500CPU1517T-3PN/DP # SIMATICS7 -1500CPU1517TF-3PN/DP # SIMATICS7 -1500CPU1518-4PN/DP # SIMATICS7 -1500CPU1518-4PN/DPMFP # SIMATICS7 -1500CPU1518F-4PN/DP # SIMATICS7 -1500CPU1518F-4PN/DPMFP # SIMATICS7 -1500CPU1518T-4PN/DP # SIMATICS7 -1500CPU1518TF-4PN/DP # SIMATICS7 -1500CPUS7-1518-4PN/DPODK # SIMATICS7 -1500CPUS7-1518F-4PN/DPODK # SIMATICS7 -1500ET200pro:CPU1513PROF-2PN # SIMATICS7 -1500ET200pro:CPU1513PRO-2PN # SIMATICS7 -1500ET200pro:CPU1516PROF-2PN # SIMATICS7 -1500ET200pro:CPU1516PRO-2PN # SIMATICS7 -1500SoftwareControllerV2 # SIMATICS7 -1500SoftwareControllerV3 # SIMATICS7 -PLCSIMAdvanced # SIPLUSET200SPCPU1510SPF -1PN # SIPLUSET200SPCPU1510SPF -1PNRAIL # SIPLUSET200SPCPU1510SP -1PN # SIPLUSET200SPCPU1510SP -1PNRAIL # SIPLUSET200SPCPU1512SPF -1PN # SIPLUSET200SPCPU1512SPF -1PNRAIL # SIPLUSET200SPCPU1512SP -1PN # SIPLUSET200SPCPU1512SP -1PNRAIL # SIPLUSS7 -1500CPU1511-1PN # SIPLUSS7 -1500CPU1511-1PNT1RAIL # SIPLUSS7 -1500CPU1511-1PNTXRAIL # SIPLUSS7 -1500CPU1511F-1PN # SIPLUSS7 -1500CPU1513-1PN # SIPLUSS7 -1500CPU1513F-1PN # SIPLUSS7 -1500CPU1515F-2PN # SIPLUSS7 -1500CPU1515F-2PNRAIL # SIPLUSS7 -1500CPU1515F-2PNT2RAIL # SIPLUSS7 -1500CPU1516-3PN/DP # SIPLUSS7 -1500CPU1516-3PN/DPRAIL # SIPLUSS7 -1500CPU1516-3PN/DPTXRAIL # SIPLUSS7 -1500CPU1516F-3PN/DP # SIPLUSS7 -1500CPU1516F-3PN/DPRAIL # SIPLUSS7 -1500CPU1518-4PN/DP # SIPLUSS7 -1500CPU1518-4PN/DPMFP # SIPLUSS7 -1500CPU1518F-4PN/DP # CVE_2024_46887 # bot
See 6 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:Low
Integrity:None
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI