CVE-2024-47945

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to predict session IDs and hijack user sessions on affected Rittal IoT devices. Attackers can pre-generate valid session IDs due to insufficient entropy in the generation algorithm, leading to unauthorized access. This affects Rittal IoT devices with vulnerable firmware.

💻 Affected Systems

Products:
  • Rittal IoT devices (specific models not fully detailed in references)
Versions: Specific vulnerable versions are not stated in the provided references; the firmware current at the time of disclosure (2024) appears to be affected.
Operating Systems: Embedded/Linux-based IoT OS
Default Config Vulnerable: ⚠️ Yes
Notes: The session ID generation algorithm uses rand() without proper srand() initialization, making the process ID (PID) the effective seed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all user sessions, allowing attackers to impersonate any user, access sensitive data, and perform administrative actions on affected devices.

🟠 Likely Case

Session hijacking leading to unauthorized access to device management interfaces, potential configuration changes, and data exfiltration.

🟢 If Mitigated

Limited impact if devices are behind firewalls with strict access controls and session monitoring, though risk remains if internal access is possible.

🌐 Internet-Facing: HIGH - Internet-facing devices are directly exploitable by remote attackers without authentication.
🏢 Internal Only: HIGH - Even internally, attackers with network access can exploit this vulnerability to hijack sessions.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires only session ID prediction (32,768 possibilities per user), which can be brute-forced or pre-computed. The public disclosure includes technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://www.rittal.com/de-de/products/deep/3124300

Instructions:

Check the vendor advisory for firmware updates. If a patch is available:

  1. Download the latest firmware from Rittal.
  2. Back up the device configuration.
  3. Apply the firmware update following the vendor's instructions.
  4. Verify that session ID generation now uses a cryptographically secure random source.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate affected devices in separate network segments with strict firewall rules limiting access to trusted IPs only.

Session Timeout Reduction (applies to: all)

Reduce session timeout values to minimize the window for session hijacking attacks.

🧯 If You Can't Patch

  • Implement network-level authentication (VPN, client certificates) before accessing device management interfaces.
  • Deploy web application firewall (WAF) with session protection rules and monitor for abnormal session patterns.

🔍 How to Verify

Check if Vulnerable:

Check whether session IDs appear predictable or follow sequential or limited-range patterns. Monitor multiple session creations for patterns. Review source code for use of rand() without proper srand() initialization.

Check Version:

Check device web interface or CLI for firmware version, then compare against vendor patched version list.

Verify Fix Applied:

Verify session IDs are now cryptographically random (128+ bits entropy). Test that generated IDs show no predictable patterns across multiple sessions.
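As an added illustration (not the vendor's code, which the references do not reproduce), the weak rand()-without-srand() pattern described in the Notes is shown beside a hardened generator that draws 128 bits from the kernel CSPRNG via getrandom(2), together with the format check a verifier would apply to the new IDs. The 32,768-value modulus in the weak version is an assumption taken from the possibility count given above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/random.h>

#define SESSION_ID_BYTES 16                     /* 128 bits, as recommended above */
#define SESSION_ID_HEX   (SESSION_ID_BYTES * 2 + 1)

/* Weak pattern (reconstructed, not the vendor's code): rand() is never
 * seeded with srand(), so the sequence is fixed per process start and the
 * ID space is tiny. Shown only to contrast with the hardened version. */
void weak_session_id(char out[16]) {
    snprintf(out, 16, "%d", rand() % 32768);    /* assumed 32,768-value space */
}

/* Hardened: 16 bytes from the kernel CSPRNG, hex-encoded.
 * Returns 0 on success, -1 if getrandom() fails (e.g. old kernel). */
int secure_session_id(char out[SESSION_ID_HEX]) {
    uint8_t raw[SESSION_ID_BYTES];
    size_t got = 0;
    while (got < sizeof raw) {                  /* loop handles short reads */
        ssize_t n = getrandom(raw + got, sizeof raw - got, 0);
        if (n < 0) return -1;
        got += (size_t)n;
    }
    for (size_t i = 0; i < sizeof raw; i++)
        snprintf(out + 2 * i, 3, "%02x", raw[i]);
    return 0;
}

/* Verification helper: a compliant ID is exactly 32 lowercase hex digits,
 * i.e. the full 128-bit value, not a short decimal like the weak form. */
int looks_like_128bit_hex_id(const char *id) {
    if (strlen(id) != SESSION_ID_BYTES * 2) return 0;
    for (const char *p = id; *p; p++)
        if (!((*p >= '0' && *p <= '9') || (*p >= 'a' && *p <= 'f'))) return 0;
    return 1;
}

int main(void) {
    char weak[16], strong[SESSION_ID_HEX];
    weak_session_id(weak);
    if (secure_session_id(strong) != 0) return 1;
    printf("weak: %s (passes check: %d)\n", weak, looks_like_128bit_hex_id(weak));
    printf("strong: %s (passes check: %d)\n", strong, looks_like_128bit_hex_id(strong));
    return 0;
}
```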

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login with different session ID
  • Session IDs following predictable patterns
  • User sessions from unusual IP addresses

Network Indicators:

  • Rapid sequential session ID requests
  • Multiple session creations from single source in short time

SIEM Query:

source="device_logs" (session_id matches "predictable_pattern" OR multiple session_creation within 1m from same src_ip)
