CVE-2024-32754

Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information

CVSS 3.1 LOWEPSS 0.2%CWE-200

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 3.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

04 jul 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Productos afectados

Johnson Controls · Kantech KT1 Door Controller, Rev01 Johnson Controls · Kantech KT2 Door Controller, Rev01 Johnson Controls · Kantech KT400 Door Controller, Rev01

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories