All the vulnerabilites related to Kieback&Peter - DDC4400e
cve-2024-43812
Vulnerability from cvelistv5
Published
2024-10-22 21:19
Modified
2024-10-23 14:43
Severity ?
8.6 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
Kieback&Peter DDC4000 Series Path Traversal Insufficiently Protected Credentials
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4400_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4400_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4002e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4002e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4200e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4200e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4002_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4002_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4100_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.7.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4200_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4200-l_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4400e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4400e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4020e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4020e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4040e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4040e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:41:41.280464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:43:37.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DDC4040e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4020e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4400e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4002e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4400",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200-L",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4100",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.7.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4002",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Raphael Ruf of terreActive AG reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-10-17T16:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eKieback \u0026amp; Peter\u0027s DDC4000 series\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehas an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Kieback \u0026 Peter\u0027s DDC4000 series\u00a0has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T21:19:23.383Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eKieback\u0026amp;Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\u003c/p\u003e\n\u003cp\u003eKieback\u0026amp;Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\u003c/p\u003e\n\u003cp\u003eKieback\u0026amp;Peter recommends all affected users contact their local \nKieback\u0026amp;Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Kieback\u0026Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\n\n\nKieback\u0026Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\n\n\nKieback\u0026Peter recommends all affected users contact their local \nKieback\u0026Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later."
}
],
"source": {
"advisory": "ICSA-24-291-05",
"discovery": "EXTERNAL"
},
"title": "Kieback\u0026Peter DDC4000 Series Path Traversal Insufficiently Protected Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-43812",
"datePublished": "2024-10-22T21:19:23.383Z",
"dateReserved": "2024-08-21T18:03:31.222Z",
"dateUpdated": "2024-10-23T14:43:37.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-43698
Vulnerability from cvelistv5
Published
2024-10-22 21:23
Modified
2024-10-23 14:42
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
Kieback&Peter DDC4000 Series Use of Weak Credentials
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4400_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4400_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4002e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4002e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4200e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4200e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4002_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4002_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4100_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.7.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4200_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4200-l_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4400e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4400e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4020e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4020e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4040e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4040e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:42:13.531525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:42:24.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DDC4040e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4020e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4400e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4002e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4400",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200-L",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4100",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.7.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4002",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Raphael Ruf of terreActive AG reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-10-17T16:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eKieback \u0026amp; Peter\u0027s DDC4000 series\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003euses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Kieback \u0026 Peter\u0027s DDC4000 series\u00a0uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T21:23:17.403Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eKieback\u0026amp;Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\u003c/p\u003e\n\u003cp\u003eKieback\u0026amp;Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\u003c/p\u003e\n\u003cp\u003eKieback\u0026amp;Peter recommends all affected users contact their local \nKieback\u0026amp;Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Kieback\u0026Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\n\n\nKieback\u0026Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\n\n\nKieback\u0026Peter recommends all affected users contact their local \nKieback\u0026Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later."
}
],
"source": {
"advisory": "ICSA-24-291-05",
"discovery": "EXTERNAL"
},
"title": "Kieback\u0026Peter DDC4000 Series Use of Weak Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-43698",
"datePublished": "2024-10-22T21:23:17.403Z",
"dateReserved": "2024-08-21T18:03:31.231Z",
"dateUpdated": "2024-10-23T14:42:24.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41717
Vulnerability from cvelistv5
Published
2024-10-22 21:13
Modified
2024-10-23 14:43
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
Kieback&Peter DDC4000 Series Path Traversal
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4400_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4400_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4002e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4002e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4200e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4200e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4002_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4002_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4100_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.7.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4200_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4200-l_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4400e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4400e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4020e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4020e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:kieback\\\u0026peter:ddc4040e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ddc4040e_firmware",
"vendor": "kieback\\\u0026peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:42:00.715222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:43:52.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DDC4040e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4020e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4400e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4002e",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4400",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200-L",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4100",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.7.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4002",
"vendor": "Kieback\u0026Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Raphael Ruf of terreActive AG reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-10-17T16:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eKieback \u0026amp; Peter\u0027s DDC4000 series\u0026nbsp;is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Kieback \u0026 Peter\u0027s DDC4000 series\u00a0is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T21:13:37.183Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eKieback\u0026amp;Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\u003c/p\u003e\n\u003cp\u003eKieback\u0026amp;Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\u003c/p\u003e\n\u003cp\u003eKieback\u0026amp;Peter recommends all affected users contact their local \nKieback\u0026amp;Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Kieback\u0026Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\n\n\nKieback\u0026Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\n\n\nKieback\u0026Peter recommends all affected users contact their local \nKieback\u0026Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later."
}
],
"source": {
"advisory": "ICSA-24-291-05",
"discovery": "EXTERNAL"
},
"title": "Kieback\u0026Peter DDC4000 Series Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-41717",
"datePublished": "2024-10-22T21:13:37.183Z",
"dateReserved": "2024-08-21T18:03:31.239Z",
"dateUpdated": "2024-10-23T14:43:52.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}