CVE-2024-31486
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | OPUPI0 AMQP/MQTT | 0 < V5.30 | affected |
Weaknesses
- CWE-312: CWE-312: Cleartext Storage of Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-871704.html
- http://seclists.org/fulldisclosure/2024/Jul/4
- http://seclists.org/fulldisclosure/2025/Feb/19
References
- https://cert-portal.siemens.com/productcert/html/ssa-871704.html
- http://seclists.org/fulldisclosure/2024/Jul/4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.