CVE-2024-47944

low-risk

Published 2024-10-15

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.

Do I need to act?

0.14% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium

PHYSICAL / LOW complexity

References (3)

https://r.sec-consult.com/rittaliot

https://www.rittal.com/de-de/products/deep/3124300

http://seclists.org/fulldisclosure/2024/Oct/4

/ 100

low-risk

Severity 22/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal