Multiple vulnerabilities in Kieback&Peter DDC4000 Series
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-41717 CVE-2024-43812 CVE-2024-43698 |
| CWE-ID | CWE-22 CWE-522 CWE-1391 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
DDC4002 Hardware solutions / Firmware DDC4100 Hardware solutions / Firmware DDC4200 Hardware solutions / Firmware DDC4200-L Hardware solutions / Firmware DDC4400 Hardware solutions / Firmware DDC4002e Hardware solutions / Firmware DDC4200e Hardware solutions / Firmware DDC4400e Hardware solutions / Firmware DDC4020e Hardware solutions / Firmware DDC4040e Hardware solutions / Firmware |
| Vendor | Kieback&Peter |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Path traversal
EUVDB-ID: #VU98819
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-41717
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDDC4002: - - 1.12.14
DDC4100: - - 1.7.4
DDC4200: - - 1.12.14
DDC4200-L: - - 1.12.14
DDC4400: - - 1.12.14
DDC4002e: - - 1.17.6
DDC4200e: - - 1.17.6
DDC4400e: - - 1.17.6
DDC4020e: - - 1.17.6
DDC4040e: - - 1.17.6
CPE2.3- cpe:2.3:h:kieback_and_peter:ddc4002:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4002:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4100:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4100:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200-l:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200-l:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4400:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4400:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4002e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4400e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4020e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4040e:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insufficiently protected credentials
EUVDB-ID: #VU98821
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43812
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to insufficiently protected credentials. A local attacker can read the password hashes of all users on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDDC4002: - - 1.12.14
DDC4100: - - 1.7.4
DDC4200: - - 1.12.14
DDC4200-L: - - 1.12.14
DDC4400: - - 1.12.14
DDC4002e: - - 1.17.6
DDC4200e: - - 1.17.6
DDC4400e: - - 1.17.6
DDC4020e: - - 1.17.6
DDC4040e: - - 1.17.6
CPE2.3- cpe:2.3:h:kieback_and_peter:ddc4002:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4002:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4100:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4100:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200-l:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200-l:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4400:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4400:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4002e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4400e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4020e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4040e:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of Weak Credentials
EUVDB-ID: #VU98822
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-43698
CWE-ID:
CWE-1391 - Use of Weak Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of weak credentials. A remote attacker can gain administrative access.
MitigationInstall update from vendor's website.
Vulnerable software versionsDDC4002: - - 1.12.14
DDC4100: - - 1.7.4
DDC4200: - - 1.12.14
DDC4200-L: - - 1.12.14
DDC4400: - - 1.12.14
DDC4002e: - - 1.17.6
DDC4200e: - - 1.17.6
DDC4400e: - - 1.17.6
DDC4020e: - - 1.17.6
DDC4040e: - - 1.17.6
CPE2.3- cpe:2.3:h:kieback_and_peter:ddc4002:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4002:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4100:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4100:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200-l:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200-l:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4400:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4400:1.12.14:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4002e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4200e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4400e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4020e:*:*:*:*:*:*:*:*
- cpe:2.3:h:kieback_and_peter:ddc4040e:*:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
