Vulnerability Details CVE-2019-14475
eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via CVE-2019-9583 and then read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2019-14475
- cpe:2.3:o:eq-3:ccu2_firmware:-
- cpe:2.3:o:eq-3:ccu2_firmware:2.11.6
- cpe:2.3:o:eq-3:ccu2_firmware:2.11.9
- cpe:2.3:o:eq-3:ccu2_firmware:2.13.7
- cpe:2.3:o:eq-3:ccu2_firmware:2.15.2
- cpe:2.3:o:eq-3:ccu2_firmware:2.15.5
- cpe:2.3:o:eq-3:ccu2_firmware:2.17.14
- cpe:2.3:o:eq-3:ccu2_firmware:2.17.15
- cpe:2.3:o:eq-3:ccu2_firmware:2.17.16
- cpe:2.3:o:eq-3:ccu2_firmware:2.19.9
- cpe:2.3:o:eq-3:ccu2_firmware:2.21.10
- cpe:2.3:o:eq-3:ccu2_firmware:2.25.12
- cpe:2.3:o:eq-3:ccu2_firmware:2.25.14
- cpe:2.3:o:eq-3:ccu2_firmware:2.25.15
- cpe:2.3:o:eq-3:ccu2_firmware:2.27.7
- cpe:2.3:o:eq-3:ccu2_firmware:2.27.8
- cpe:2.3:o:eq-3:ccu2_firmware:2.29.18
- cpe:2.3:o:eq-3:ccu2_firmware:2.29.19
- cpe:2.3:o:eq-3:ccu2_firmware:2.29.22
- cpe:2.3:o:eq-3:ccu2_firmware:2.29.23
- cpe:2.3:o:eq-3:ccu2_firmware:2.3.17
- cpe:2.3:o:eq-3:ccu2_firmware:2.3.18
- cpe:2.3:o:eq-3:ccu2_firmware:2.31.23
- cpe:2.3:o:eq-3:ccu2_firmware:2.31.25
- cpe:2.3:o:eq-3:ccu2_firmware:2.35.15
- cpe:2.3:o:eq-3:ccu2_firmware:2.35.16
- cpe:2.3:o:eq-3:ccu2_firmware:2.41.5
- cpe:2.3:o:eq-3:ccu2_firmware:2.41.8
- cpe:2.3:o:eq-3:ccu2_firmware:2.41.9
- cpe:2.3:o:eq-3:ccu2_firmware:2.5.4
- cpe:2.3:o:eq-3:ccu2_firmware:2.7.16
- cpe:2.3:o:eq-3:ccu2_firmware:2.7.17
- cpe:2.3:o:eq-3:ccu2_firmware:2.7.8
- cpe:2.3:o:eq-3:ccu2_firmware:2.9.10
- cpe:2.3:o:eq-3:ccu2_firmware:2.9.12
- cpe:2.3:o:eq-3:ccu3_firmware:2.15.5
- cpe:2.3:o:eq-3:ccu3_firmware:2.17.15
- cpe:2.3:o:eq-3:ccu3_firmware:2.19.9
- cpe:2.3:o:eq-3:ccu3_firmware:2.19.9-1
- cpe:2.3:o:eq-3:ccu3_firmware:2.21.10
- cpe:2.3:o:eq-3:ccu3_firmware:2.25.12
- cpe:2.3:o:eq-3:ccu3_firmware:2.25.15
- cpe:2.3:o:eq-3:ccu3_firmware:2.27.7
- cpe:2.3:o:eq-3:ccu3_firmware:2.27.8
- cpe:2.3:o:eq-3:ccu3_firmware:2.27.8-1
- cpe:2.3:o:eq-3:ccu3_firmware:2.29.22
- cpe:2.3:o:eq-3:ccu3_firmware:2.29.22-1
- cpe:2.3:o:eq-3:ccu3_firmware:2.31.23
- cpe:2.3:o:eq-3:ccu3_firmware:2.31.25
- cpe:2.3:o:eq-3:ccu3_firmware:2.35.16
- cpe:2.3:o:eq-3:ccu3_firmware:3.37.8
- cpe:2.3:o:eq-3:ccu3_firmware:3.41.11
- cpe:2.3:o:eq-3:ccu3_firmware:3.41.7
- cpe:2.3:o:eq-3:ccu3_firmware:3.43.15
- cpe:2.3:o:eq-3:ccu3_firmware:3.43.16