The web server of affected devices do not properly authenticate user request to the /ClientArea/RuntimeInfoData.mwsl endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.
A product requires authentication, but the product has an alternate path or channel that does not require authentication.