Unknown
CVE-2019-9583
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2019-9583
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- homematic ccu2 firmware -,
- homematic ccu2 firmware 2.35.16,
- homematic ccu2 firmware 2.41.5,
- homematic ccu2 firmware 2.41.8,
- homematic ccu2 firmware 2.41.9,
- homematic ccu2 firmware 2.45.6,
- homematic ccu2 firmware 2.45.7,
- homematic ccu2 firmware 2.47.10,
- homematic ccu2 firmware 2.47.12,
- homematic ccu2 firmware 2.47.15,
- homematic ccu3 firmware 3.41.11,
- homematic ccu3 firmware 3.43.16,
- homematic ccu3 firmware 3.45.5,
- homematic ccu3 firmware 3.45.7,
- homematic ccu3 firmware 3.47.10,
- homematic ccu3 firmware 3.47.15
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
