CVE-2024-47945 is a vulnerability in RITTAL GmbH & Co. KG's IoT Interface and CMC III Processing Unit firmware versions prior to 6.21.00.2. The root cause is the generation of predictable session IDs due to insufficient entropy in the random number generation process. Specifically, the session ID generation relies on the standard C library rand() function without proper seeding via srand(), resulting in only 32,768 possible session ID values per user. This predictability allows an attacker to pre-generate valid session IDs and hijack active user sessions remotely without requiring authentication or user interaction. The vulnerability falls under CWE-340 (Generation of Predictable Numbers or Identifiers). The impact includes unauthorized access to user sessions, leading to potential exposure or manipulation of sensitive data and control interfaces. The CVSS 3.1 base score is 9.1 (critical), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, indicating network exploitable, low attack complexity, no privileges or user interaction needed, and high confidentiality and integrity impact. No known exploits are currently reported in the wild, but the vulnerability's nature makes it a high-risk target for attackers. The lack of patch links suggests that vendors have not yet released fixes, emphasizing the need for immediate mitigation measures.

For European organizations, this vulnerability poses a severe risk, especially those in industrial automation, manufacturing, and critical infrastructure sectors that deploy RITTAL IoT Interface and CMC III Processing Units. Unauthorized session hijacking can lead to exposure of sensitive operational data, unauthorized control commands, and potential sabotage or espionage. Confidentiality and integrity of data are directly compromised, which can disrupt trust in automated systems and lead to regulatory non-compliance under GDPR if personal or sensitive data is involved. Although availability is not directly impacted, the indirect effects of unauthorized access could cause operational disruptions. The ease of exploitation without authentication or user interaction increases the threat level, making it attractive for cybercriminals and state-sponsored actors targeting European industrial environments. This could also affect supply chains and critical infrastructure resilience within Europe.

1. Apply firmware updates from RITTAL as soon as they become available to address the session ID generation flaw. 2. Until patches are released, implement network segmentation to isolate vulnerable devices from broader enterprise networks, limiting attacker access. 3. Deploy strict access controls and monitor network traffic for anomalous session ID usage or repeated session attempts indicative of brute-force or pre-generation attacks. 4. Use VPNs or secure tunnels for remote access to these devices to add an additional layer of authentication and encryption. 5. Conduct regular security audits and penetration tests focusing on IoT and industrial control systems to detect exploitation attempts early. 6. Collaborate with RITTAL support and cybersecurity vendors for threat intelligence sharing and incident response planning. 7. Consider disabling remote management interfaces if not strictly necessary or restrict them to trusted IP ranges.