
CVE-2024-46887: CWE-288: Authentication Bypass Using an Alternate Path or Channel in Siemens SIMATIC Drive Controller CPU 1504D TF

Severity: Medium
Type: Vulnerability
Tags: CVE-2024-46887, cve, cve-2024-46887, cwe-288
Published: Tue Oct 08 2024 (10/08/2024, 08:40:43 UTC)
Source: CVE
Vendor/Project: Siemens
Product: SIMATIC Drive Controller CPU 1504D TF

Description

The web server of affected devices does not properly authenticate user requests to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.

AI-Powered Analysis

Last updated: 10/21/2025, 16:30:02 UTC

Technical Analysis

CVE-2024-46887 is an authentication bypass vulnerability classified under CWE-288 affecting the Siemens SIMATIC Drive Controller CPU 1504D TF. The vulnerability arises because the embedded web server does not properly authenticate requests to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This endpoint exposes runtime information including current actual cycle times, configured maximum cycle times, and maximum communication load parameters. Since the endpoint is accessible without authentication, a remote attacker can retrieve this data without any credentials or user interaction. The vulnerability has a CVSS v3.1 base score of 5.3, indicating medium severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to confidentiality as it leaks operational parameters that could be used for reconnaissance or to tailor further attacks on industrial control systems. No integrity or availability impacts are reported. The vulnerability affects version '0' of the product, which likely refers to initial or current firmware versions. Siemens has not published patches yet, and no known exploits are observed in the wild. The vulnerability highlights the risk of exposing sensitive operational data through insufficiently protected web interfaces in industrial control systems.

Potential Impact

For European organizations, particularly those in manufacturing, energy, and critical infrastructure sectors relying on Siemens SIMATIC Drive Controller CPU 1504D TF, this vulnerability poses a confidentiality risk. Attackers can remotely gather sensitive operational data that may reveal system performance parameters and communication loads. Such information can facilitate more sophisticated attacks, including timing-based attacks, denial of service, or targeted intrusion attempts. While the vulnerability does not directly allow control or disruption of the device, the leaked data could aid attackers in mapping the industrial environment and identifying potential weaknesses. This is especially critical in Europe where industrial automation is widespread and integral to economic and infrastructure stability. The exposure of operational metrics could also violate data protection policies or regulatory requirements related to industrial cybersecurity. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers could develop exploits based on this information.

Mitigation Recommendations

1. Restrict network access to the SIMATIC Drive Controller web interface, especially the '/ClientArea/RuntimeInfoData.mwsl' endpoint, by implementing strict firewall rules and network segmentation to isolate industrial control systems from general IT networks and the internet.
2. Deploy intrusion detection and prevention systems (IDS/IPS) to monitor and alert on unauthorized access attempts to the vulnerable endpoint.
3. Use VPNs or secure tunnels with strong authentication for remote access to industrial devices to prevent unauthorized external access.
4. Regularly audit and review access logs for unusual or unauthorized requests to the affected endpoint.
5. Engage with Siemens support to obtain updates on patches or firmware upgrades addressing this vulnerability and plan timely deployment once available.
6. Implement compensating controls such as disabling the web server interface if not required or limiting its functionality to trusted administrators.
7. Train operational technology (OT) security teams to recognize and respond to reconnaissance activities targeting industrial control systems.
8. Maintain an up-to-date asset inventory to quickly identify affected devices and prioritize remediation efforts.
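
One way to implement the log review in recommendations 2 and 4, as an added example that is not part of the original page or of any Siemens material: it scans access-log lines for requests to the endpoint named in the advisory and reports sources outside an allow-list. The Combined Log Format (from a proxy or firewall in front of the controller), the allowed subnet and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

ENDPOINT = "/ClientArea/RuntimeInfoData.mwsl"  # path named in the advisory
# Assumption: only these engineering stations should reach the web server.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/28")]

# Assumption: Combined Log Format from a proxy/firewall in front of the device.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop query/fragment, percent-decode, collapse slashes and dot segments, fold case."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_unexpected_access(lines):
    """Return {source_ip: [(timestamp, status), ...]} for requests to ENDPOINT
    that come from outside ALLOWED_NETS."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize(m["target"]) != ENDPOINT.lower():
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # hostname or malformed source field
        if not any(src in net for net in ALLOWED_NETS):
            hits[str(src)].append((m["ts"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '10.20.0.5 - - [08/Oct/2024:09:00:01 +0000] "GET /ClientArea/RuntimeInfoData.mwsl HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [08/Oct/2024:09:02:10 +0000] "GET /ClientArea/RuntimeInfoData.mwsl HTTP/1.1" 200 412 "-" "-"',
    '192.0.2.44 - - [08/Oct/2024:09:02:40 +0000] "GET /clientarea/RuntimeInfoData.mwsl?t=1 HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.7 - - [08/Oct/2024:09:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for src, events in find_unexpected_access(SAMPLE).items():
        print(f"{src}: {len(events)} request(s) to {ENDPOINT}, first at {events[0][0]}")
```

A 200 response to a source outside the allow-list means the segmentation in recommendation 1 is not holding for that path.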


Technical Details

Data Version: 5.1
Assigner Short Name: siemens
Date Reserved: 2024-09-12T07:44:52.468Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9816c4522896dcbd66ce

Added to database: 5/21/2025, 9:08:38 AM

Last enriched: 10/21/2025, 4:30:02 PM

Last updated: 12/4/2025, 12:13:56 AM
