Konica Bizhub Multifunction Printers Insertion of Sensitive Information into Externally-Accessible File or Directory (CVE-2024-51977)

medium Tenable OT Security Plugin ID 505033

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device's model, firmware version, IP address, and serial number.

Solution

Refer to the vendor advisory.

Plugin Details

Severity: Medium

ID: 505033

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 1/21/2026

Updated: 1/21/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/o:konicaminolta:bizhub_5000i_firmware, cpe:/o:konicaminolta:bizhub_3000mf_firmware, cpe:/o:konicaminolta:bizhub_4020i_firmware, cpe:/o:konicaminolta:bizhub_3080mf_firmware, cpe:/o:konicaminolta:bizhub_5020i_firmware, cpe:/o:konicaminolta:bizhub_4000i_firmware

Required KB Items: Tenable.ot/Konica

Vulnerability Publication Date: 6/25/2025

Reference Information

CVE: CVE-2024-51977

CWE: 538

Detections

Analytics