Description

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed.

INFO

Published Date :

2024-10-15T10:05:58.333Z

Last Modified :

2025-11-03T22:21:56.044Z

Source :

SEC-VLab
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47945 vulnerability.

Vendors Products
Rittal
  • Cmc Iii Processing Units
  • Cmc Iii Processing Units Firmware
  • Iot Interface
  • Iot Interface Firmware
Rittal Gmbh And Co.kg
  • Iot Interface And Cmc Iii Processing Unit
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47945.

URL Resource
http://seclists.org/fulldisclosure/2024/Oct/4 cve-icon
https://r.sec-consult.com/rittaliot cve-icon cve-icon
https://www.rittal.com/de-de/products/deep/3124300 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact