PT-2019-19725 · Eq 3 · Homematic Ccu2+1
Psytester · Published 2019-08-14 · Updated 2020-04-10 · CVE-2019-9583
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
eQ-3 Homematic CCU2 versions 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15
eQ-3 Homematic CCU3 versions 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15
Description
The issue allows an attacker to obtain session IDs without logging in, potentially leading to a Denial of Service and serving as a starting point for other attacks.
Recommendations
For eQ-3 Homematic CCU2 versions 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15, update to a version that fixes the issue.
For eQ-3 Homematic CCU3 versions 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15, update to a version that fixes the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Homematic Ccu2
Homematic Ccu3