CVE-2024-47944

EUVD-2024-42736
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
rittal_gmbh_and_co.kgiot_interface_and_cmc_iii_processing_unit
𝑥
< 6.21.00.2
ADP
Common Weakness Enumeration
References
https://r.sec-consult.com/rittaliot
https://www.rittal.com/de-de/products/deep/3124300
http://seclists.org/fulldisclosure/2024/Oct/4