CVE-2024-47944

Missing Protection Mechanism for Alternate Hardware Interface

Description

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.

Remediation

Solution:

The vendor provides a patched version V6.21.00.2 which can be downloaded from the following URL: www.rittal.com/de-de/products/deep/3124300 https://www.rittal.com/de-de/products/deep/3124300

References

Link	Tags
https://r.sec-consult.com/rittaliot	third party advisory
https://www.rittal.com/de-de/products/deep/3124300	patch

Frequently Asked Questions

What is the severity of CVE-2024-47944?: CVE-2024-47944 has been scored as a medium severity vulnerability.
How to fix CVE-2024-47944?: To fix CVE-2024-47944: The vendor provides a patched version V6.21.00.2 which can be downloaded from the following URL: www.rittal.com/de-de/products/deep/3124300 https://www.rittal.com/de-de/products/deep/3124300
Is CVE-2024-47944 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-47944 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-47944?: CVE-2024-47944 affects RITTAL GmbH & Co. KG IoT Interface & CMC III Processing Unit.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-1299 – Missing Protection Mechanism for Alternate Hardware Interface

References

Frequently Asked Questions