CVE-2024-47944

Summary

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.

Affected Software

VendorProductVersion RangeStatus
RITTAL GmbH & Co. KGIoT Interface & CMC III Processing Unit<6.21.00.2affected

Weaknesses

  • CWE-1299: CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References