Rittal IoT Interface/CMC III Processing Unit prior 6.21.00.2 Firmware Upgrade run.sh signature verification
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 2.4 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Rittal IoT Interface and CMC III Processing Unit. It has been declared as problematic. Affected is an unknown function of the file run.sh of the component Firmware Upgrade Handler. The manipulation results in signature verification. This vulnerability is identified as CVE-2024-47943. Additionally, an exploit exists. It is recommended to upgrade the affected component.
Details
A vulnerability was found in Rittal IoT Interface and CMC III Processing Unit. It has been classified as problematic. Affected is some unknown processing of the file run.sh of the component Firmware Upgrade Handler. The manipulation with an unknown input leads to a signature verification vulnerability. CWE is classifying the issue as CWE-347. The product does not verify, or incorrectly verifies, the cryptographic signature for data. This is going to have an impact on integrity. CVE summarizes:
The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the firmware and is freely available for download. This allows crafting malicious "signed" .patch files in order to compromise the device and execute arbitrary code.
The weakness was released by Johannes Kruchem. The advisory is shared for download at r.sec-consult.com. This vulnerability is traded as CVE-2024-47943 since 10/07/2024. The exploitability is told to be difficult. Technical details and a public exploit are known.
The exploit is shared for download at packetstormsecurity.com. It is declared as proof-of-concept.
Upgrading to version 6.21.00.2 eliminates this vulnerability.
Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 2.6VulDB Meta Temp Score: 2.4
VulDB Base Score: 2.6
VulDB Temp Score: 2.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Signature verificationCWE: CWE-347 / CWE-345
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: IoT Interface/CMC III Processing Unit 6.21.00.2
Timeline
10/07/2024 🔍10/15/2024 🔍
10/15/2024 🔍
03/18/2025 🔍
Sources
Advisory: r.sec-consult.comResearcher: Johannes Kruchem
Status: Confirmed
CVE: CVE-2024-47943 (🔍)
GCVE (CVE): GCVE-0-2024-47943
GCVE (VulDB): GCVE-100-280356
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 10/15/2024 11:41Updated: 03/18/2025 03:01
Changes: 10/15/2024 11:41 (55), 10/21/2024 15:28 (10), 03/18/2025 03:01 (1)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.