CVE-2024-32754

Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information

CVSS 3.1 LOWEPSS 0.2%CWE-200

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

04 Jul 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Johnson Controls · Kantech KT1 Door Controller, Rev01 Johnson Controls · Kantech KT2 Door Controller, Rev01 Johnson Controls · Kantech KT400 Door Controller, Rev01

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories