Is CVE-2024-47944 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Rittal Gmbh & Co. Kg Iot Interface Cmc Iii Processing Unit

Q: What is CVE-2024-47944?

CVE-2024-47944 is a vulnerability in Rittal Gmbh & Co. Kg Iot Interface Cmc Iii Processing Unit, classified under CWE-1299. Published 2024-10-15.

CVE-2024-47944

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.

EPSS: 0.001 (33.9th percentile) — read the EPSS interpretation.

Affected products

Rittal Gmbh & Co. Kg Iot Interface Cmc Iii Processing Unit — versions <6.21.00.2

Weakness classification (CWE)

CWE-1299

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

r.sec-consult.com/rittaliot (third-party-advisory)
www.rittal.com/de-de/products/deep/3124300 (patch)

Frequently asked questions

What is CVE-2024-47944?: CVE-2024-47944 is a vulnerability in Rittal Gmbh & Co. Kg Iot Interface Cmc Iii Processing Unit, classified under CWE-1299. Published 2024-10-15.
Is CVE-2024-47944 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.