PT-2019-14436 · Eq 3 · Homematic Ccu3

Joshua Lehr

Published

2019-10-17

Updated

2020-08-24

CVE-2019-15850

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions eQ-3 HomeMatic CCU3 version 3.41.11

Description The issue allows for Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system.

Recommendations For version 3.41.11, consider disabling the ReGa.runScript method until a patch is available to prevent Remote Code Execution.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2019-15850

Affected Products

Homematic Ccu3

PT-2019-14436 · Eq 3 · Homematic Ccu3

CVE-2019-15850

Weakness Enumeration

Related Identifiers

Affected Products

References · 4