
2 vulnerabilities by Kieback & Peter

CVE-2026-4293 (GCVE-0-2026-4293)

Vulnerability from cvelistv5 – Published: 2026-05-20 14:39 – Updated: 2026-05-20 15:28
Title
Kieback & Peter DDC Building Controllers Cross-site Scripting
Summary
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.
CWE
  • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
Date Public ?
2026-05-19 14:26
Credits
Maximilian Hildebrand of G DATA Advanced Analytics reported this vulnerability to CISA.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4293",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T15:28:18.234158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T15:28:28.317Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DDC4002",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.12.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4100",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.12.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4200",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.12.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4200-L",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.12.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4400",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.12.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4002e",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.23.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4200e",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.23.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4400e",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.23.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4020e",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.23.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4040e",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.23.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC520",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.24.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand of G DATA Advanced Analytics reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2026-05-19T14:26:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The affected\u0026nbsp;Kieback \u0026amp; Peter DDC building controllers\u0026nbsp;are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim\u0027s browser, which allows the attacker to control the browser."
            }
          ],
          "value": "The affected\u00a0Kieback \u0026 Peter DDC building controllers\u00a0are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim\u0027s browser, which allows the attacker to control the browser."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T14:45:45.161Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-05"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-05.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\nFor DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers, update the firmware to the latest available version:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDDC4002e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4200e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4400e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4020e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC4040e: Update to version 1.23.5 or newer\u003c/li\u003e\u003cli\u003e\nDDC520: Update to version 1.24.2 or newer\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "For DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers, update the firmware to the latest available version:\u00a0\n\n  *  DDC4002e: Update to version 1.23.5 or newer\n  *  \nDDC4200e: Update to version 1.23.5 or newer\n  *  \nDDC4400e: Update to version 1.23.5 or newer\n  *  \nDDC4020e: Update to version 1.23.5 or newer\n  *  \nDDC4040e: Update to version 1.23.5 or newer\n  *  \nDDC520: Update to version 1.24.2 or newer"
        }
      ],
      "source": {
        "advisory": "ICSA-26-139-05",
        "discovery": "EXTERNAL"
      },
      "title": "Kieback \u0026 Peter DDC Building Controllers Cross-site Scripting",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Kieback \u0026amp; Peter DDC Building Controllers are developed and designed \nfor use in closed building automation networks. The system is protected \nby a multi-level perimeter against attacks, especially from outside, by \ndividing it into operational technology (OT) zones with firewalls. \nBuilding automation systems (BA systems) in general should not be \ndirectly accessible from untrusted networks, especially from the \nInternet, but should be protected by consistently applying the \ndefense-in-depth strategy. This concept is supported by organizational \nmeasures in the building as part of a safety management system. In order\n to achieve safety, measures are required at all levels."
            }
          ],
          "value": "Kieback \u0026 Peter DDC Building Controllers are developed and designed \nfor use in closed building automation networks. The system is protected \nby a multi-level perimeter against attacks, especially from outside, by \ndividing it into operational technology (OT) zones with firewalls. \nBuilding automation systems (BA systems) in general should not be \ndirectly accessible from untrusted networks, especially from the \nInternet, but should be protected by consistently applying the \ndefense-in-depth strategy. This concept is supported by organizational \nmeasures in the building as part of a safety management system. In order\n to achieve safety, measures are required at all levels."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are \nend-of-maintenance, therefore the recommendations for these devices are \nas follows:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eThese devices must be operated in a strictly separate OT \nenvironment.\u003c/li\u003e\u003cli\u003e\nOnly trusted \nindividuals should be granted network access to the DDC web portal.\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Access to the web \nportal should be disabled in the device configuration if not required.\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Users should be \ninformed that only links from trusted sources should be used to access \nthe web service.\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Restrict network access to the \ndevice\u003c/li\u003e\u003cli\u003e\n\u0026nbsp;Do not directly connect the \ndevice to the Internet\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "The DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are \nend-of-maintenance, therefore the recommendations for these devices are \nas follows:\u00a0\n\n  *  These devices must be operated in a strictly separate OT \nenvironment.\n  *  \nOnly trusted \nindividuals should be granted network access to the DDC web portal.\n  *  \n\u00a0Access to the web \nportal should be disabled in the device configuration if not required.\n  *  \n\u00a0Users should be \ninformed that only links from trusted sources should be used to access \nthe web service.\n  *  \n\u00a0Restrict network access to the \ndevice\n  *  \n\u00a0Do not directly connect the \ndevice to the Internet"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eFor DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers,\u0026nbsp;\nKieback \u0026amp; Peter\n\nrecommends the following safety measures: \u003c/p\u003e\n\u003cul\u003e\u003cli\u003eRestrict network access to the device\u003c/li\u003e\u003cli\u003eDo not directly connect the device to the Internet \u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "For DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers,\u00a0\nKieback \u0026 Peter\n\nrecommends the following safety measures: \n\n\n  *  Restrict network access to the device\n  *  Do not directly connect the device to the Internet"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-4293",
    "datePublished": "2026-05-20T14:39:59.812Z",
    "dateReserved": "2026-03-16T17:01:03.386Z",
    "dateUpdated": "2026-05-20T15:28:28.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41717 (GCVE-0-2024-41717)

Vulnerability from cvelistv5 – Published: 2024-10-22 21:13 – Updated: 2024-10-23 14:43
Title
Kieback&Peter DDC4000 Series Path Traversal
Summary
Kieback & Peter's DDC4000 series is affected by a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system.
CWE
  • CWE-22 - Path Traversal
Assigner
Date Public ?
2024-10-17 16:36
Credits
Raphael Ruf of terreActive AG reported these vulnerabilities to CISA.

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:kieback\\\u0026peter:ddc4400_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddc4400_firmware",
            "vendor": "kieback\\\u0026peter",
            "versions": [
              {
                "lessThanOrEqual": "1.12.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:kieback\\\u0026peter:ddc4002e_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddc4002e_firmware",
            "vendor": "kieback\\\u0026peter",
            "versions": [
              {
                "lessThanOrEqual": "1.17.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:kieback\\\u0026peter:ddc4200e_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddc4200e_firmware",
            "vendor": "kieback\\\u0026peter",
            "versions": [
              {
                "lessThanOrEqual": "1.17.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:kieback\\\u0026peter:ddc4002_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddc4002_firmware",
            "vendor": "kieback\\\u0026peter",
            "versions": [
              {
                "lessThanOrEqual": "1.12.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:kieback\\\u0026peter:ddc4100_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddc4100_firmware",
            "vendor": "kieback\\\u0026peter",
            "versions": [
              {
                "lessThanOrEqual": "1.7.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:kieback\\\u0026peter:ddc4200_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddc4200_firmware",
            "vendor": "kieback\\\u0026peter",
            "versions": [
              {
                "lessThanOrEqual": "1.12.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:kieback\\\u0026peter:ddc4200-l_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddc4200-l_firmware",
            "vendor": "kieback\\\u0026peter",
            "versions": [
              {
                "lessThanOrEqual": "1.12.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:kieback\\\u0026peter:ddc4400e_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddc4400e_firmware",
            "vendor": "kieback\\\u0026peter",
            "versions": [
              {
                "lessThanOrEqual": "1.17.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:kieback\\\u0026peter:ddc4020e_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddc4020e_firmware",
            "vendor": "kieback\\\u0026peter",
            "versions": [
              {
                "lessThanOrEqual": "1.17.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:kieback\\\u0026peter:ddc4040e_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ddc4040e_firmware",
            "vendor": "kieback\\\u0026peter",
            "versions": [
              {
                "lessThanOrEqual": "1.17.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41717",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:42:00.715222Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T14:43:52.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DDC4040e",
          "vendor": "Kieback \u0026 Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.17.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4020e",
          "vendor": "Kieback\u0026Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.17.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4400e",
          "vendor": "Kieback\u0026Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.17.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4200e",
          "vendor": "Kieback\u0026Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.17.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4002e",
          "vendor": "Kieback\u0026Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.17.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4400",
          "vendor": "Kieback\u0026Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.12.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4200-L",
          "vendor": "Kieback\u0026Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.12.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4200",
          "vendor": "Kieback\u0026Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.12.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4100",
          "vendor": "Kieback\u0026Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.7.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DDC4002",
          "vendor": "Kieback\u0026Peter",
          "versions": [
            {
              "lessThanOrEqual": "1.12.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Raphael Ruf of terreActive AG reported these vulnerabilities to CISA."
        }
      ],
      "datePublic": "2024-10-17T16:36:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eKieback \u0026amp; Peter\u0027s DDC4000 series\u0026nbsp;is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "Kieback \u0026 Peter\u0027s DDC4000 series\u00a0is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-22T21:13:37.183Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eKieback\u0026amp;Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\u003c/p\u003e\n\u003cp\u003eKieback\u0026amp;Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\u003c/p\u003e\n\u003cp\u003eKieback\u0026amp;Peter recommends all affected users contact their local \nKieback\u0026amp;Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Kieback\u0026Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\n\n\nKieback\u0026Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\n\n\nKieback\u0026Peter recommends all affected users contact their local \nKieback\u0026Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later."
        }
      ],
      "source": {
        "advisory": "ICSA-24-291-05",
        "discovery": "EXTERNAL"
      },
      "title": "Kieback\u0026Peter DDC4000 Series Path Traversal",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-41717",
    "datePublished": "2024-10-22T21:13:37.183Z",
    "dateReserved": "2024-08-21T18:03:31.239Z",
    "dateUpdated": "2024-10-23T14:43:52.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}