#VU98822 Use of Weak Credentials in Kieback&Peter products - CVE-2024-43698


Vulnerability identifier: #VU98822

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-43698

CWE-ID: CWE-1391

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
DDC4002
Hardware solutions / Firmware
DDC4100
Hardware solutions / Firmware
DDC4200
Hardware solutions / Firmware
DDC4200-L
Hardware solutions / Firmware
DDC4400
Hardware solutions / Firmware
DDC4002e
Hardware solutions / Firmware
DDC4200e
Hardware solutions / Firmware
DDC4400e
Hardware solutions / Firmware
DDC4020e
Hardware solutions / Firmware
DDC4040e
Hardware solutions / Firmware

Vendor: Kieback&Peter

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of weak credentials. A remote attacker can gain administrative access.

Mitigation
Install update from vendor's website.

Vulnerable software versions

DDC4002: 1.12.14

DDC4100: 1.7.4

DDC4200: 1.12.14

DDC4200-L: 1.12.14

DDC4400: 1.12.14

DDC4002e: 1.17.6

DDC4200e: 1.17.6

DDC4400e: 1.17.6

DDC4020e: 1.17.6

DDC4040e: 1.17.6

External links
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Kieback&Peter DDC4000 Series