216.73.217.86

CVE-2024-47943

· Published 15/10/2024 09:15 · Modified 15/10/2024 12:57

Labels: CVE-2024-47943 2024-10-15551230f0-3615-47bd-b7cc-93e92e730bbfCVE-2024-47943CWE-347

Essential information

Published
15/10/2024 09:15
Modified
15/10/2024 12:57
Author
Creator
CISA KEV
No
CWE

Description

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the firmware and is freely available for download. This allows crafting malicious "signed" .patch files in order to compromise the device and execute arbitrary code.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD
View on NVD

References