CVE-2024-32754

Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information

CVSS 3.1 LOWEPSS 0.2%CWE-200

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

Johnson Controls · Kantech KT1 Door Controller, Rev01 Johnson Controls · Kantech KT2 Door Controller, Rev01 Johnson Controls · Kantech KT400 Door Controller, Rev01

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories