CVE-2019-14475

Name of the Vulnerable Software and Affected Versions eQ-3 Homematic CCU2 versions 2.47.15 and prior eQ-3 Homematic CCU3 versions 3.47.15 and prior

Description The issue concerns a lack of authorization checks in the authentication process, which relies on session IDs. An attacker can exploit this to gain unauthorized access to system functionalities, including reading service messages, clearing the system protocol, creating new users, or modifying and deleting internal programs.

Recommendations For eQ-3 Homematic CCU2 versions 2.47.15 and prior, update to a version that includes proper authorization checks. For eQ-3 Homematic CCU3 versions 3.47.15 and prior, update to a version that includes proper authorization checks. As a temporary workaround, consider restricting access to sensitive system functionalities until a patch is available.