CVE-2024-56113

High

Published: 09 January 2025

Published

09 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0020 42.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56113 is a high-severity Insecure Storage of Sensitive Information (CWE-922) vulnerability in Motius (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-11 (Error Handling).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-11 Error Handling good match

prevent

Requires secure error handling that prevents disclosure of sensitive information via verbose error pages triggered by debug mode.

CM-6 Configuration Settings good match

prevent

Mandates establishment of secure configuration settings, such as disabling DEBUG=True in Django to avoid exposing sensitive settings.

SI-15 Information Output Filtering good match

prevent

Enforces output filtering to block sensitive Django settings information from being released in error pages accessible to unauthenticated attackers.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1552 Unsecured Credentials Credential Access

Adversaries may search compromised systems to find and obtain insecurely stored credentials.

attack.mitre.org →

Why these techniques?

Debug mode misconfiguration on public-facing Django app directly enables remote exploitation for sensitive config/credential disclosure (T1190 + T1552).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page.

Deeper analysisAI

CVE-2024-56113 is a vulnerability in Smart Toilet Lab - Motius version 1.3.11, a Django-based application. The issue stems from the application running with debug mode enabled (DEBUG = True), which causes verbose error pages to expose sensitive information defined in the Django settings file. This misconfiguration is mapped to CWE-922 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no integrity or availability effects.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. By triggering an error condition that generates a verbose error page, attackers gain access to sensitive Django settings data, such as configuration secrets, potentially enabling further compromise like unauthorized access to backend systems or data exfiltration.

Advisories and additional details are available in the GitHub repository at https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56113 and on the vendor site at https://www.motius.com/. Specific mitigation steps, such as disabling debug mode or applying patches, are not detailed in the core CVE information provided.