CVE-2024-47945

EUVD-2024-42737

15.10.2024, 10:15

The devices are vulnerable to session hijacking due to insufficient 
entropy in its session ID generation algorithm. The session IDs are 
predictable, with only 32,768 possible values per user, which allows 
attackers to pre-generate valid session IDs, leading to unauthorized 
access to user sessions. This is not only due to the use of an 
(insecure) rand() function call but also because of missing 
initialization via srand(). As a result only the PIDs are effectively 
used as seed.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 53%

Affected Products (NVD)

Vendor	Product	Version
rittal	iot_interface_firmware	𝑥 < 6.21.00.2
rittal	cmc_iii_processing_units_firmware	𝑥 < 6.21.00.2

𝑥

= Vulnerable software versions

Known Exploits!

https://r.sec-consult.com/rittaliot

Common Weakness Enumeration

References

https://r.sec-consult.com/rittaliot

https://www.rittal.com/de-de/products/deep/3124300

http://seclists.org/fulldisclosure/2024/Oct/4