Vulnerabilities > Rittal

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-10-15 | CVE-2024-47945 | Insufficient Entropy vulnerability in Rittal products | The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. | network | low complexity | rittal | CWE-331 | critical 9.8 |
| 2023-03-02 | CVE-2022-40633 | Unspecified vulnerability in Rittal CMC III Firmware | A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks. | | low complexity | rittal | | 4.6 |
| 2021-09-09 | CVE-2021-40222 | OS Command Injection vulnerability in Rittal CMC PU III 7030.000 Firmware 3.11.002/3.15.704 | Rittal CMC PU III Web management Version affected: V3.11.00_2. | network | low complexity | rittal | CWE-78 | 7.2 |
| 2021-09-09 | CVE-2021-40223 | Cross-site Scripting vulnerability in Rittal CMC PU III 7030.000 Firmware 3.11.002/3.15.704 | Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). | network | low complexity | rittal | CWE-79 | 5.4 |
| 2020-10-01 | CVE-2019-19393 | Cross-site Scripting vulnerability in Rittal CMC PU III 7030.000 Firmware 3.11.002/3.15.704 | The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. | network | low complexity | rittal | CWE-79 | 6.1 |
| 2020-07-14 | CVE-2020-11956 | Improper Privilege Management vulnerability in Rittal products | An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. | network | low complexity | rittal | CWE-269 | critical 9.8 |
| 2020-07-14 | CVE-2020-11955 | Incorrect Default Permissions vulnerability in Rittal products | An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. | network | low complexity | rittal | CWE-276 | 8.8 |
| 2020-07-14 | CVE-2020-11953 | OS Command Injection vulnerability in Rittal products | An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. | network | low complexity | rittal | CWE-78 | 8.8 |
| 2020-07-14 | CVE-2020-11952 | Unspecified vulnerability in Rittal products | An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. | local | low complexity | rittal | | 6.2 |
| 2020-07-14 | CVE-2020-11951 | Use of Hard-coded Credentials vulnerability in Rittal products | An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. | network | low complexity | rittal | CWE-798 | critical 9.8 |