CVE-2024-47945

Description

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed.

CVSS v3.1 Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-340 CWE-340

CWE-331 CWE-331

Affected Products

Vendor	Product	Versions
rittal	iot_interface_firmware	< 6.21.00.2
rittal	iot_interface	All
rittal	cmc_iii_processing_units_firmware	< 6.21.00.2
rittal	cmc_iii_processing_units	All

References

Exploits

https://r.sec-consult.com/rittaliot

Other References

https://www.rittal.com/de-de/products/deep/3124300 http://seclists.org/fulldisclosure/2024/Oct/4

Frequently Asked Questions

What is CVE-2024-47945? +

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed. It has a CVSS v3.1 base score of 9.8 (CRITICAL).

How severe is CVE-2024-47945? +

CVE-2024-47945 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.

What products are affected by CVE-2024-47945? +

CVE-2024-47945 affects products from rittal, specifically: cmc_iii_processing_units, cmc_iii_processing_units_firmware, iot_interface, iot_interface_firmware. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-47945? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-69286 9.8

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation …

CVE-2026-40496 9.1

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using …

CVE-2026-5081 9.1

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value …

CVE-2025-40925 9.1

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with …

CVE-2024-7558 8.7

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user …

CVE-2025-40920 8.6

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a …