CVE-2019-9583

Published Aug 14, 2019

Last updated 5 years ago

CVSS high 8.2

Overview

Description: eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.2
Impact score: 4.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.41.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F63AD6F8-1BE7-481B-BDDE-45234840B530"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.43.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED2A0030-E46B-42EE-B545-1D04D46F3FB5"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.45.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2C1A46E-178C-4893-A172-6D081D9BAA67"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.45.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75BE927B-CD17-4293-A440-8DD29C8CD23E"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4E76C1E-A745-4BEA-B3B2-2B613DA4FCC5"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96CA7522-DB7E-4F61-BD85-A8F665AFC697"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC8E6D04-7E53-4471-A20F-66C974B5B751"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.35.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2313AB9D-E18F-4603-8CE5-D0C3D9660785"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.41.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFE9F1F1-70FB-470C-8455-201797CA50D5"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.41.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CE5BE83-688F-4188-844F-328C846D90C2"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.41.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "592EDF0E-792F-4DEC-9926-E33675C5C7C9"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.45.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38DF6345-9A75-4E5C-9BEC-CB6A0767E739"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.45.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1FA10A6-D09E-44EC-ABEB-49CFA8780456"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.47.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E02A84D1-C6F6-4DE0-88A3-85F41A90D9EB"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.47.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84030C3C-ED0D-4CB5-863C-F5663AE4AFE1"
          },
          {
            "criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.47.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F03E1DE6-70FF-4EE9-A3E2-44020B64ADDB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References