SB2024101830 - Multiple vulnerabilities in Kieback&Peter DDC4000 Series

Security Bulletin ID SB2024101830

Severity

High

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2024-41717)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

2) Insufficiently protected credentials (CVE-ID: CVE-2024-43812)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A local attacker can read the password hashes of all users on the system.

3) Use of Weak Credentials (CVE-ID: CVE-2024-43698)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of weak credentials. A remote attacker can gain administrative access.

Remediation

Install update from vendor's website.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05

SB2024101830 - Multiple vulnerabilities in Kieback&Peter DDC4000 Series

Breakdown by Severity

Description

Remediation

References

Please verify you're human