CVE-2024-32754

Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information

CVSS 3.1 LOWEPSS 0.2%CWE-200

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Productos afectados

Johnson Controls · Kantech KT1 Door Controller, Rev01 Johnson Controls · Kantech KT2 Door Controller, Rev01 Johnson Controls · Kantech KT400 Door Controller, Rev01

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories