OpenCVE

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Rittal	Cmc Iii Processing Units Cmc Iii Processing Units Firmware Iot Interface Iot Interface Firmware
Rittal Gmbh And Co.kg	Iot Interface And Cmc Iii Processing Unit

Configuration 1 [-]

AND

cpe:2.3:o:rittal:iot_interface_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rittal:iot_interface:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:rittal:cmc_iii_processing_units_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rittal:cmc_iii_processing_units:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://r.sec-consult.com/rittaliot
https://www.rittal.com/de-de/products/deep/3124300

History

Mon, 21 Oct 2024 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Rittal Rittal cmc Iii Processing Units Rittal cmc Iii Processing Units Firmware Rittal iot Interface Rittal iot Interface Firmware
Weaknesses		CWE-331
CPEs		cpe:2.3:h:rittal:cmc_iii_processing_units:-:::::::* cpe:2.3:h:rittal:iot_interface:-:::::::* cpe:2.3:o:rittal:cmc_iii_processing_units_firmware:::::::: cpe:2.3:o:rittal:iot_interface_firmware::::::::
Vendors & Products		Rittal Rittal cmc Iii Processing Units Rittal cmc Iii Processing Units Firmware Rittal iot Interface Rittal iot Interface Firmware

Tue, 15 Oct 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Rittal Gmbh And Co.kg Rittal Gmbh And Co.kg iot Interface And Cmc Iii Processing Unit
CPEs		cpe:2.3:a:rittal_gmbh_and_co.kg:iot_interface_and_cmc_iii_processing_unit::::::::
Vendors & Products		Rittal Gmbh And Co.kg Rittal Gmbh And Co.kg iot Interface And Cmc Iii Processing Unit
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 15 Oct 2024 10:15:00 +0000

Type	Values Removed	Values Added
Description		The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed.
Title		Predictable Session ID
Weaknesses		CWE-340
References		https://r.sec-consult.com/rittaliot https://www.rittal.com/de-de/products/deep/3124300

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published: 2024-10-15T10:05:58.333Z

Updated: 2024-10-15T16:03:59.248Z

Reserved: 2024-10-07T13:39:52.543Z

Link: CVE-2024-47945

Vulnrichment

Updated: 2024-10-15T16:03:52.859Z

NVD

Status : Analyzed

Published: 2024-10-15T10:15:03.973

Modified: 2024-10-21T19:41:10.407

Link: CVE-2024-47945

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object