The web server of affected devices do not properly authenticate user request to the /ClientArea/RuntimeInfoData.mwsl endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.
The product requires authentication, but the product has an alternate path or channel that does not require authentication.