CVE-2024-47944

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47944
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://r.sec-consult.com/rittaliot
https://www.rittal.com/de-de/products/deep/3124300
Configurations

No configuration.

History

No history.

Information

Published : 2024-10-15 09:15

Updated : 2024-10-15 16:35

NVD link : CVE-2024-47944

Mitre link : CVE-2024-47944

CVE.ORG link : CVE-2024-47944

JSON object : View

Products Affected

No product.

CWE
CWE-1299

Missing Protection Mechanism for Alternate Hardware Interface