Search criteria
2 vulnerabilities found for DDC4200e by Kieback & Peter
CVE-2026-4293 (GCVE-0-2026-4293)
Vulnerability from nvd – Published: 2026-05-20 14:39 – Updated: 2026-05-20 15:28
VLAI?
Title
Kieback & Peter DDC Building Controllers Cross-site Scripting
Summary
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.
Severity ?
5.3 (Medium)
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
References
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kieback & Peter | DDC4002 |
Affected:
0 , ≤ 1.12.14
(custom)
|
|
| Kieback & Peter | DDC4100 |
Affected:
0 , ≤ 1.12.14
(custom)
|
|
| Kieback & Peter | DDC4200 |
Affected:
0 , ≤ 1.12.14
(custom)
|
|
| Kieback & Peter | DDC4200-L |
Affected:
0 , ≤ 1.12.14
(custom)
|
|
| Kieback & Peter | DDC4400 |
Affected:
0 , ≤ 1.12.14
(custom)
|
|
| Kieback & Peter | DDC4002e |
Affected:
0 , ≤ 1.23.4
(custom)
|
|
| Kieback & Peter | DDC4200e |
Affected:
0 , ≤ 1.23.4
(custom)
|
|
| Kieback & Peter | DDC4400e |
Affected:
0 , ≤ 1.23.4
(custom)
|
|
| Kieback & Peter | DDC4020e |
Affected:
0 , ≤ 1.23.4
(custom)
|
|
| Kieback & Peter | DDC4040e |
Affected:
0 , ≤ 1.23.4
(custom)
|
|
| Kieback & Peter | DDC520 |
Affected:
0 , ≤ 1.24.1
(custom)
|
Date Public ?
2026-05-19 14:26
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T15:28:18.234158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:28:28.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DDC4002",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4100",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200-L",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4400",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4002e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4400e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4020e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4040e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC520",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.24.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maximilian Hildebrand of G DATA Advanced Analytics reported this vulnerability to CISA."
}
],
"datePublic": "2026-05-19T14:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected\u0026nbsp;Kieback \u0026amp; Peter DDC building controllers\u0026nbsp;are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim\u0027s browser, which allows the attacker to control the browser."
}
],
"value": "The affected\u00a0Kieback \u0026 Peter DDC building controllers\u00a0are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim\u0027s browser, which allows the attacker to control the browser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T14:45:45.161Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-05"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-05.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nFor DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers, update the firmware to the latest available version:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDDC4002e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4200e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4400e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4020e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4040e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC520: Update to version 1.24.2 or newer\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "For DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers, update the firmware to the latest available version:\u00a0\n\n * DDC4002e: Update to version 1.23.5 or newer\n * \nDDC4200e: Update to version 1.23.5 or newer\n * \nDDC4400e: Update to version 1.23.5 or newer\n * \nDDC4020e: Update to version 1.23.5 or newer\n * \nDDC4040e: Update to version 1.23.5 or newer\n * \nDDC520: Update to version 1.24.2 or newer"
}
],
"source": {
"advisory": "ICSA-26-139-05",
"discovery": "EXTERNAL"
},
"title": "Kieback \u0026 Peter DDC Building Controllers Cross-site Scripting",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Kieback \u0026amp; Peter DDC Building Controllers are developed and designed \nfor use in closed building automation networks. The system is protected \nby a multi-level perimeter against attacks, especially from outside, by \ndividing it into operational technology (OT) zones with firewalls. \nBuilding automation systems (BA systems) in general should not be \ndirectly accessible from untrusted networks, especially from the \nInternet, but should be protected by consistently applying the \ndefense-in-depth strategy. This concept is supported by organizational \nmeasures in the building as part of a safety management system. In order\n to achieve safety, measures are required at all levels."
}
],
"value": "Kieback \u0026 Peter DDC Building Controllers are developed and designed \nfor use in closed building automation networks. The system is protected \nby a multi-level perimeter against attacks, especially from outside, by \ndividing it into operational technology (OT) zones with firewalls. \nBuilding automation systems (BA systems) in general should not be \ndirectly accessible from untrusted networks, especially from the \nInternet, but should be protected by consistently applying the \ndefense-in-depth strategy. This concept is supported by organizational \nmeasures in the building as part of a safety management system. In order\n to achieve safety, measures are required at all levels."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are \nend-of-maintenance, therefore the recommendations for these devices are \nas follows:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eThese devices must be operated in a strictly separate OT \nenvironment.\u003c/li\u003e\u003cli\u003e\nOnly trusted \nindividuals should be granted network access to the DDC web portal.\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Access to the web \nportal should be disabled in the device configuration if not required.\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Users should be \ninformed that only links from trusted sources should be used to access \nthe web service.\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Restrict network access to the \ndevice\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Do not directly connect the \ndevice to the Internet\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are \nend-of-maintenance, therefore the recommendations for these devices are \nas follows:\u00a0\n\n * These devices must be operated in a strictly separate OT \nenvironment.\n * \nOnly trusted \nindividuals should be granted network access to the DDC web portal.\n * \n\u00a0Access to the web \nportal should be disabled in the device configuration if not required.\n * \n\u00a0Users should be \ninformed that only links from trusted sources should be used to access \nthe web service.\n * \n\u00a0Restrict network access to the \ndevice\n * \n\u00a0Do not directly connect the \ndevice to the Internet"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers,\u0026nbsp;\nKieback \u0026amp; Peter\n\nrecommends the following safety measures: \u003c/p\u003e\n\u003cul\u003e\u003cli\u003eRestrict network access to the device\u003c/li\u003e\u003cli\u003eDo not directly connect the device to the Internet \u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "For DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers,\u00a0\nKieback \u0026 Peter\n\nrecommends the following safety measures: \n\n\n * Restrict network access to the device\n * Do not directly connect the device to the Internet"
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-4293",
"datePublished": "2026-05-20T14:39:59.812Z",
"dateReserved": "2026-03-16T17:01:03.386Z",
"dateUpdated": "2026-05-20T15:28:28.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4293 (GCVE-0-2026-4293)
Vulnerability from cvelistv5 – Published: 2026-05-20 14:39 – Updated: 2026-05-20 15:28
VLAI?
Title
Kieback & Peter DDC Building Controllers Cross-site Scripting
Summary
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.
Severity ?
5.3 (Medium)
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
References
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kieback & Peter | DDC4002 |
Affected:
0 , ≤ 1.12.14
(custom)
|
|
| Kieback & Peter | DDC4100 |
Affected:
0 , ≤ 1.12.14
(custom)
|
|
| Kieback & Peter | DDC4200 |
Affected:
0 , ≤ 1.12.14
(custom)
|
|
| Kieback & Peter | DDC4200-L |
Affected:
0 , ≤ 1.12.14
(custom)
|
|
| Kieback & Peter | DDC4400 |
Affected:
0 , ≤ 1.12.14
(custom)
|
|
| Kieback & Peter | DDC4002e |
Affected:
0 , ≤ 1.23.4
(custom)
|
|
| Kieback & Peter | DDC4200e |
Affected:
0 , ≤ 1.23.4
(custom)
|
|
| Kieback & Peter | DDC4400e |
Affected:
0 , ≤ 1.23.4
(custom)
|
|
| Kieback & Peter | DDC4020e |
Affected:
0 , ≤ 1.23.4
(custom)
|
|
| Kieback & Peter | DDC4040e |
Affected:
0 , ≤ 1.23.4
(custom)
|
|
| Kieback & Peter | DDC520 |
Affected:
0 , ≤ 1.24.1
(custom)
|
Date Public ?
2026-05-19 14:26
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T15:28:18.234158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:28:28.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DDC4002",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4100",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200-L",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4400",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.12.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4002e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4200e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4400e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4020e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC4040e",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DDC520",
"vendor": "Kieback \u0026 Peter",
"versions": [
{
"lessThanOrEqual": "1.24.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maximilian Hildebrand of G DATA Advanced Analytics reported this vulnerability to CISA."
}
],
"datePublic": "2026-05-19T14:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected\u0026nbsp;Kieback \u0026amp; Peter DDC building controllers\u0026nbsp;are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim\u0027s browser, which allows the attacker to control the browser."
}
],
"value": "The affected\u00a0Kieback \u0026 Peter DDC building controllers\u00a0are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim\u0027s browser, which allows the attacker to control the browser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T14:45:45.161Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-05"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-05.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nFor DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers, update the firmware to the latest available version:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDDC4002e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4200e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4400e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4020e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4040e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC520: Update to version 1.24.2 or newer\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "For DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers, update the firmware to the latest available version:\u00a0\n\n * DDC4002e: Update to version 1.23.5 or newer\n * \nDDC4200e: Update to version 1.23.5 or newer\n * \nDDC4400e: Update to version 1.23.5 or newer\n * \nDDC4020e: Update to version 1.23.5 or newer\n * \nDDC4040e: Update to version 1.23.5 or newer\n * \nDDC520: Update to version 1.24.2 or newer"
}
],
"source": {
"advisory": "ICSA-26-139-05",
"discovery": "EXTERNAL"
},
"title": "Kieback \u0026 Peter DDC Building Controllers Cross-site Scripting",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Kieback \u0026amp; Peter DDC Building Controllers are developed and designed \nfor use in closed building automation networks. The system is protected \nby a multi-level perimeter against attacks, especially from outside, by \ndividing it into operational technology (OT) zones with firewalls. \nBuilding automation systems (BA systems) in general should not be \ndirectly accessible from untrusted networks, especially from the \nInternet, but should be protected by consistently applying the \ndefense-in-depth strategy. This concept is supported by organizational \nmeasures in the building as part of a safety management system. In order\n to achieve safety, measures are required at all levels."
}
],
"value": "Kieback \u0026 Peter DDC Building Controllers are developed and designed \nfor use in closed building automation networks. The system is protected \nby a multi-level perimeter against attacks, especially from outside, by \ndividing it into operational technology (OT) zones with firewalls. \nBuilding automation systems (BA systems) in general should not be \ndirectly accessible from untrusted networks, especially from the \nInternet, but should be protected by consistently applying the \ndefense-in-depth strategy. This concept is supported by organizational \nmeasures in the building as part of a safety management system. In order\n to achieve safety, measures are required at all levels."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are \nend-of-maintenance, therefore the recommendations for these devices are \nas follows:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eThese devices must be operated in a strictly separate OT \nenvironment.\u003c/li\u003e\u003cli\u003e\nOnly trusted \nindividuals should be granted network access to the DDC web portal.\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Access to the web \nportal should be disabled in the device configuration if not required.\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Users should be \ninformed that only links from trusted sources should be used to access \nthe web service.\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Restrict network access to the \ndevice\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Do not directly connect the \ndevice to the Internet\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are \nend-of-maintenance, therefore the recommendations for these devices are \nas follows:\u00a0\n\n * These devices must be operated in a strictly separate OT \nenvironment.\n * \nOnly trusted \nindividuals should be granted network access to the DDC web portal.\n * \n\u00a0Access to the web \nportal should be disabled in the device configuration if not required.\n * \n\u00a0Users should be \ninformed that only links from trusted sources should be used to access \nthe web service.\n * \n\u00a0Restrict network access to the \ndevice\n * \n\u00a0Do not directly connect the \ndevice to the Internet"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers,\u0026nbsp;\nKieback \u0026amp; Peter\n\nrecommends the following safety measures: \u003c/p\u003e\n\u003cul\u003e\u003cli\u003eRestrict network access to the device\u003c/li\u003e\u003cli\u003eDo not directly connect the device to the Internet \u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "For DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers,\u00a0\nKieback \u0026 Peter\n\nrecommends the following safety measures: \n\n\n * Restrict network access to the device\n * Do not directly connect the device to the Internet"
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-4293",
"datePublished": "2026-05-20T14:39:59.812Z",
"dateReserved": "2026-03-16T17:01:03.386Z",
"dateUpdated": "2026-05-20T15:28:28.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}