CVE-2024-43698 - Vulnerability Details

Vendors	Products
Kieback\&peter	Ddc4002 Firmware Ddc4002e Firmware Ddc4020e Firmware Ddc4040e Firmware Ddc4100 Firmware Ddc4200-l Firmware Ddc4200 Firmware Ddc4200e Firmware Ddc4400 Firmware Ddc4400e Firmware

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05

Type	Values Removed	Values Added
First Time appeared		Kieback\&peter Kieback\&peter ddc4002 Firmware Kieback\&peter ddc4002e Firmware Kieback\&peter ddc4020e Firmware Kieback\&peter ddc4040e Firmware Kieback\&peter ddc4100 Firmware Kieback\&peter ddc4200-l Firmware Kieback\&peter ddc4200 Firmware Kieback\&peter ddc4200e Firmware Kieback\&peter ddc4400 Firmware Kieback\&peter ddc4400e Firmware
CPEs		cpe:2.3:o:kieback\&peter:ddc4002_firmware:::::::: cpe:2.3:o:kieback\&peter:ddc4002e_firmware:::::::: cpe:2.3:o:kieback\&peter:ddc4020e_firmware:::::::: cpe:2.3:o:kieback\&peter:ddc4040e_firmware:::::::: cpe:2.3:o:kieback\&peter:ddc4100_firmware:::::::: cpe:2.3:o:kieback\&peter:ddc4200-l_firmware:::::::: cpe:2.3:o:kieback\&peter:ddc4200_firmware:::::::: cpe:2.3:o:kieback\&peter:ddc4200e_firmware:::::::: cpe:2.3:o:kieback\&peter:ddc4400_firmware:::::::: cpe:2.3:o:kieback\&peter:ddc4400e_firmware::::::::
Vendors & Products		Kieback\&peter Kieback\&peter ddc4002 Firmware Kieback\&peter ddc4002e Firmware Kieback\&peter ddc4020e Firmware Kieback\&peter ddc4040e Firmware Kieback\&peter ddc4100 Firmware Kieback\&peter ddc4200-l Firmware Kieback\&peter ddc4200 Firmware Kieback\&peter ddc4200e Firmware Kieback\&peter ddc4400 Firmware Kieback\&peter ddc4400e Firmware
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.
Title		Kieback&Peter DDC4000 Series Use of Weak Credentials
Weaknesses		CWE-1391
References		https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43698", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-08-21T18:03:31.231Z", "datePublished": "2024-10-22T21:23:17.403Z", "dateUpdated": "2024-10-23T14:42:24.238Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DDC4040e", "vendor": "Kieback&Peter", "versions": [{"lessThanOrEqual": "1.17.6", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DDC4020e", "vendor": "Kieback&Peter", "versions": [{"lessThanOrEqual": "1.17.6", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DDC4400e", "vendor": "Kieback&Peter", "versions": [{"lessThanOrEqual": "1.17.6", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DDC4200e", "vendor": "Kieback&Peter", "versions": [{"lessThanOrEqual": "1.17.6", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DDC4002e", "vendor": "Kieback&Peter", "versions": [{"lessThanOrEqual": "1.17.6", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DDC4400", "vendor": "Kieback&Peter", "versions": [{"lessThanOrEqual": "1.12.14", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DDC4200-L", "vendor": "Kieback&Peter", "versions": [{"lessThanOrEqual": "1.12.14", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DDC4200", "vendor": "Kieback&Peter", "versions": [{"lessThanOrEqual": "1.12.14", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DDC4100", "vendor": "Kieback&Peter", "versions": [{"lessThanOrEqual": "1.7.4", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DDC4002", "vendor": "Kieback&Peter", "versions": [{"lessThanOrEqual": "1.12.14", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Raphael Ruf of terreActive AG reported these vulnerabilities to CISA."}], "datePublic": "2024-10-17T16:36:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Kieback &amp; Peter's DDC4000 series&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.</span>\n\n</span>\n\n</span>"}], "value": "Kieback & Peter's DDC4000 series\u00a0uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1391", "description": "CWE-1391 Use of Weak Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-10-22T21:23:17.403Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Kieback&amp;Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.</p>\n<p>Kieback&amp;Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.</p>\n<p>Kieback&amp;Peter recommends all affected users contact their local \nKieback&amp;Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later.</p>\n\n<br>"}], "value": "Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\n\n\nKieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\n\n\nKieback&Peter recommends all affected users contact their local \nKieback&Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later."}], "source": {"advisory": "ICSA-24-291-05", "discovery": "EXTERNAL"}, "title": "Kieback&Peter DDC4000 Series Use of Weak Credentials", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "kieback\\&peter", "product": "ddc4400_firmware", "cpes": ["cpe:2.3:o:kieback\\&peter:ddc4400_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.12.14", "versionType": "custom"}]}, {"vendor": "kieback\\&peter", "product": "ddc4002e_firmware", "cpes": ["cpe:2.3:o:kieback\\&peter:ddc4002e_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.17.6", "versionType": "custom"}]}, {"vendor": "kieback\\&peter", "product": "ddc4200e_firmware", "cpes": ["cpe:2.3:o:kieback\\&peter:ddc4200e_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.17.6", "versionType": "custom"}]}, {"vendor": "kieback\\&peter", "product": "ddc4002_firmware", "cpes": ["cpe:2.3:o:kieback\\&peter:ddc4002_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.12.14", "versionType": "custom"}]}, {"vendor": "kieback\\&peter", "product": "ddc4100_firmware", "cpes": ["cpe:2.3:o:kieback\\&peter:ddc4100_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.7.4", "versionType": "custom"}]}, {"vendor": "kieback\\&peter", "product": "ddc4200_firmware", "cpes": ["cpe:2.3:o:kieback\\&peter:ddc4200_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.12.14", "versionType": "custom"}]}, {"vendor": "kieback\\&peter", "product": "ddc4200-l_firmware", "cpes": ["cpe:2.3:o:kieback\\&peter:ddc4200-l_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.12.14", "versionType": "custom"}]}, {"vendor": "kieback\\&peter", "product": "ddc4400e_firmware", "cpes": ["cpe:2.3:o:kieback\\&peter:ddc4400e_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.17.6", "versionType": "custom"}]}, {"vendor": "kieback\\&peter", "product": "ddc4020e_firmware", "cpes": ["cpe:2.3:o:kieback\\&peter:ddc4020e_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.17.6", "versionType": "custom"}]}, {"vendor": "kieback\\&peter", "product": "ddc4040e_firmware", "cpes": ["cpe:2.3:o:kieback\\&peter:ddc4040e_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.17.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T14:42:13.531525Z", "id": "CVE-2024-43698", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:42:24.238Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-43698 (string)

assignerOrgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

state : PUBLISHED (string)

assignerShortName : icscert (string)

dateReserved : 2024-08-21T18:03:31.231Z (string)

datePublished : 2024-10-22T21:23:17.403Z (string)

dateUpdated : 2024-10-23T14:42:24.238Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : DDC4040e (string)

vendor : Kieback&Peter (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.17.6 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

product : DDC4020e (string)

vendor : Kieback&Peter (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.17.6 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

2 : { »

defaultStatus : unaffected (string)

product : DDC4400e (string)

vendor : Kieback&Peter (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.17.6 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

3 : { »

defaultStatus : unaffected (string)

product : DDC4200e (string)

vendor : Kieback&Peter (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.17.6 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

4 : { »

defaultStatus : unaffected (string)

product : DDC4002e (string)

vendor : Kieback&Peter (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.17.6 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

5 : { »

defaultStatus : unaffected (string)

product : DDC4400 (string)

vendor : Kieback&Peter (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.12.14 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

6 : { »

defaultStatus : unaffected (string)

product : DDC4200-L (string)

vendor : Kieback&Peter (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.12.14 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

7 : { »

defaultStatus : unaffected (string)

product : DDC4200 (string)

vendor : Kieback&Peter (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.12.14 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

8 : { »

defaultStatus : unaffected (string)

product : DDC4100 (string)

vendor : Kieback&Peter (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.7.4 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

9 : { »

defaultStatus : unaffected (string)

product : DDC4002 (string)

vendor : Kieback&Peter (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.12.14 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

value : Raphael Ruf of terreActive AG reported these vulnerabilities to CISA. (string)

}

]

datePublic : 2024-10-17T16:36:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. (string)

}

]

value : Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. (string)

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

Automatable : NOT_DEFINED (string)

Recovery : NOT_DEFINED (string)

Safety : NOT_DEFINED (string)

attackComplexity : LOW (string)

attackRequirements : NONE (string)

attackVector : NETWORK (string)

baseScore : 9.3 (number)

baseSeverity : CRITICAL (string)

privilegesRequired : NONE (string)

providerUrgency : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

subConfidentialityImpact : NONE (string)

subIntegrityImpact : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (string)

version : 4.0 (string)

vulnAvailabilityImpact : HIGH (string)

vulnConfidentialityImpact : HIGH (string)

vulnIntegrityImpact : HIGH (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

1 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-1391 (string)

description : CWE-1391 Use of Weak Credentials (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

shortName : icscert (string)

dateUpdated : 2024-10-22T21:23:17.403Z (string)

}

references : [ »

0 : { »

url : https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05 (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are considered End-of-Life (EOL) and are no longer supported. Users operating these controllers should ensure they are operated in a strictly separate OT environment and consider updating to a supported controller. Kieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers. Kieback&Peter recommends all affected users contact their local Kieback&Peter office to update the firmware of the supported DDC systems to v1.21.0 or later. (string)

}

]

value : Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are considered End-of-Life (EOL) and are no longer supported. Users operating these controllers should ensure they are operated in a strictly separate OT environment and consider updating to a supported controller. Kieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers. Kieback&Peter recommends all affected users contact their local Kieback&Peter office to update the firmware of the supported DDC systems to v1.21.0 or later. (string)

}

]

source : { »

advisory : ICSA-24-291-05 (string)

discovery : EXTERNAL (string)

}

title : Kieback&Peter DDC4000 Series Use of Weak Credentials (string)

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

adp : [ »

0 : { »

affected : [ »

0 : { »

vendor : kieback\&peter (string)

product : ddc4400_firmware (string)

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4400_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 1.12.14 (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : kieback\&peter (string)

product : ddc4002e_firmware (string)

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4002e_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 1.17.6 (string)

versionType : custom (string)

}

]

}

2 : { »

vendor : kieback\&peter (string)

product : ddc4200e_firmware (string)

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4200e_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 1.17.6 (string)

versionType : custom (string)

}

]

}

3 : { »

vendor : kieback\&peter (string)

product : ddc4002_firmware (string)

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4002_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 1.12.14 (string)

versionType : custom (string)

}

]

}

4 : { »

vendor : kieback\&peter (string)

product : ddc4100_firmware (string)

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4100_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 1.7.4 (string)

versionType : custom (string)

}

]

}

5 : { »

vendor : kieback\&peter (string)

product : ddc4200_firmware (string)

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4200_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 1.12.14 (string)

versionType : custom (string)

}

]

}

6 : { »

vendor : kieback\&peter (string)

product : ddc4200-l_firmware (string)

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4200-l_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 1.12.14 (string)

versionType : custom (string)

}

]

}

7 : { »

vendor : kieback\&peter (string)

product : ddc4400e_firmware (string)

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4400e_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 1.17.6 (string)

versionType : custom (string)

}

]

}

8 : { »

vendor : kieback\&peter (string)

product : ddc4020e_firmware (string)

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4020e_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 1.17.6 (string)

versionType : custom (string)

}

]

}

9 : { »

vendor : kieback\&peter (string)

product : ddc4040e_firmware (string)

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4040e_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 1.17.6 (string)

versionType : custom (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-23T14:42:13.531525Z (string)

id : CVE-2024-43698 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-23T14:42:24.238Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43698", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-23T14:42:13.531525Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:kieback\\&peter:ddc4400_firmware:*:*:*:*:*:*:*:*"], "vendor": "kieback\\&peter", "product": "ddc4400_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.14"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:kieback\\&peter:ddc4002e_firmware:*:*:*:*:*:*:*:*"], "vendor": "kieback\\&peter", "product": "ddc4002e_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.17.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:kieback\\&peter:ddc4200e_firmware:*:*:*:*:*:*:*:*"], "vendor": "kieback\\&peter", "product": "ddc4200e_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.17.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:kieback\\&peter:ddc4002_firmware:*:*:*:*:*:*:*:*"], "vendor": "kieback\\&peter", "product": "ddc4002_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.14"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:kieback\\&peter:ddc4100_firmware:*:*:*:*:*:*:*:*"], "vendor": "kieback\\&peter", "product": "ddc4100_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.7.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:kieback\\&peter:ddc4200_firmware:*:*:*:*:*:*:*:*"], "vendor": "kieback\\&peter", "product": "ddc4200_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.14"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:kieback\\&peter:ddc4200-l_firmware:*:*:*:*:*:*:*:*"], "vendor": "kieback\\&peter", "product": "ddc4200-l_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.14"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:kieback\\&peter:ddc4400e_firmware:*:*:*:*:*:*:*:*"], "vendor": "kieback\\&peter", "product": "ddc4400e_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.17.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:kieback\\&peter:ddc4020e_firmware:*:*:*:*:*:*:*:*"], "vendor": "kieback\\&peter", "product": "ddc4020e_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.17.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:kieback\\&peter:ddc4040e_firmware:*:*:*:*:*:*:*:*"], "vendor": "kieback\\&peter", "product": "ddc4040e_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.17.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:39:07.008Z"}}], "cna": {"title": "Kieback&Peter DDC4000 Series Use of Weak Credentials", "source": {"advisory": "ICSA-24-291-05", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Raphael Ruf of terreActive AG reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Kieback&Peter", "product": "DDC4040e", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.17.6"}], "defaultStatus": "unaffected"}, {"vendor": "Kieback&Peter", "product": "DDC4020e", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.17.6"}], "defaultStatus": "unaffected"}, {"vendor": "Kieback&Peter", "product": "DDC4400e", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.17.6"}], "defaultStatus": "unaffected"}, {"vendor": "Kieback&Peter", "product": "DDC4200e", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.17.6"}], "defaultStatus": "unaffected"}, {"vendor": "Kieback&Peter", "product": "DDC4002e", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.17.6"}], "defaultStatus": "unaffected"}, {"vendor": "Kieback&Peter", "product": "DDC4400", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.14"}], "defaultStatus": "unaffected"}, {"vendor": "Kieback&Peter", "product": "DDC4200-L", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.14"}], "defaultStatus": "unaffected"}, {"vendor": "Kieback&Peter", "product": "DDC4200", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.14"}], "defaultStatus": "unaffected"}, {"vendor": "Kieback&Peter", "product": "DDC4100", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.7.4"}], "defaultStatus": "unaffected"}, {"vendor": "Kieback&Peter", "product": "DDC4002", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.14"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\n\n\nKieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\n\n\nKieback&Peter recommends all affected users contact their local \nKieback&Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later.", "supportingMedia": [{"type": "text/html", "value": "<p>Kieback&amp;Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.</p>\n<p>Kieback&amp;Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.</p>\n<p>Kieback&amp;Peter recommends all affected users contact their local \nKieback&amp;Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later.</p>\n\n<br>", "base64": false}]}], "datePublic": "2024-10-17T16:36:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Kieback & Peter's DDC4000 series\u00a0uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Kieback &amp; Peter's DDC4000 series&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.</span>\n\n</span>\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1391", "description": "CWE-1391 Use of Weak Credentials"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-10-22T21:23:17.403Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43698", "state": "PUBLISHED", "dateUpdated": "2024-10-23T14:42:24.238Z", "dateReserved": "2024-08-21T18:03:31.231Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-10-22T21:23:17.403Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-43698 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-23T14:42:13.531525Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4400_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : kieback\&peter (string)

product : ddc4400_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.12.14 (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4002e_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : kieback\&peter (string)

product : ddc4002e_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.17.6 (string)

}

]

defaultStatus : unknown (string)

}

2 : { »

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4200e_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : kieback\&peter (string)

product : ddc4200e_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.17.6 (string)

}

]

defaultStatus : unknown (string)

}

3 : { »

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4002_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : kieback\&peter (string)

product : ddc4002_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.12.14 (string)

}

]

defaultStatus : unknown (string)

}

4 : { »

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4100_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : kieback\&peter (string)

product : ddc4100_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.7.4 (string)

}

]

defaultStatus : unknown (string)

}

5 : { »

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4200_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : kieback\&peter (string)

product : ddc4200_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.12.14 (string)

}

]

defaultStatus : unknown (string)

}

6 : { »

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4200-l_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : kieback\&peter (string)

product : ddc4200-l_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.12.14 (string)

}

]

defaultStatus : unknown (string)

}

7 : { »

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4400e_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : kieback\&peter (string)

product : ddc4400e_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.17.6 (string)

}

]

defaultStatus : unknown (string)

}

8 : { »

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4020e_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : kieback\&peter (string)

product : ddc4020e_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.17.6 (string)

}

]

defaultStatus : unknown (string)

}

9 : { »

cpes : [ »

0 : cpe:2.3:o:kieback\&peter:ddc4040e_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : kieback\&peter (string)

product : ddc4040e_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.17.6 (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-23T14:39:07.008Z (string)

}

]

cna : { »

title : Kieback&Peter DDC4000 Series Use of Weak Credentials (string)

source : { »

advisory : ICSA-24-291-05 (string)

discovery : EXTERNAL (string)

}

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

value : Raphael Ruf of terreActive AG reported these vulnerabilities to CISA. (string)

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV4_0 : { »

Safety : NOT_DEFINED (string)

version : 4.0 (string)

Recovery : NOT_DEFINED (string)

baseScore : 9.3 (number)

Automatable : NOT_DEFINED (string)

attackVector : NETWORK (string)

baseSeverity : CRITICAL (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (string)

providerUrgency : NOT_DEFINED (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

attackRequirements : NONE (string)

privilegesRequired : NONE (string)

subIntegrityImpact : NONE (string)

vulnIntegrityImpact : HIGH (string)

subAvailabilityImpact : NONE (string)

vulnAvailabilityImpact : HIGH (string)

subConfidentialityImpact : NONE (string)

vulnConfidentialityImpact : HIGH (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

1 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 9.8 (number)

attackVector : NETWORK (string)

baseSeverity : CRITICAL (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : HIGH (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Kieback&Peter (string)

product : DDC4040e (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.17.6 (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : Kieback&Peter (string)

product : DDC4020e (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.17.6 (string)

}

]

defaultStatus : unaffected (string)

}

2 : { »

vendor : Kieback&Peter (string)

product : DDC4400e (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.17.6 (string)

}

]

defaultStatus : unaffected (string)

}

3 : { »

vendor : Kieback&Peter (string)

product : DDC4200e (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.17.6 (string)

}

]

defaultStatus : unaffected (string)

}

4 : { »

vendor : Kieback&Peter (string)

product : DDC4002e (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.17.6 (string)

}

]

defaultStatus : unaffected (string)

}

5 : { »

vendor : Kieback&Peter (string)

product : DDC4400 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.12.14 (string)

}

]

defaultStatus : unaffected (string)

}

6 : { »

vendor : Kieback&Peter (string)

product : DDC4200-L (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.12.14 (string)

}

]

defaultStatus : unaffected (string)

}

7 : { »

vendor : Kieback&Peter (string)

product : DDC4200 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.12.14 (string)

}

]

defaultStatus : unaffected (string)

}

8 : { »

vendor : Kieback&Peter (string)

product : DDC4100 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.7.4 (string)

}

]

defaultStatus : unaffected (string)

}

9 : { »

vendor : Kieback&Peter (string)

product : DDC4002 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 1.12.14 (string)

}

]

defaultStatus : unaffected (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are considered End-of-Life (EOL) and are no longer supported. Users operating these controllers should ensure they are operated in a strictly separate OT environment and consider updating to a supported controller. Kieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers. Kieback&Peter recommends all affected users contact their local Kieback&Peter office to update the firmware of the supported DDC systems to v1.21.0 or later. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are considered End-of-Life (EOL) and are no longer supported. Users operating these controllers should ensure they are operated in a strictly separate OT environment and consider updating to a supported controller. Kieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers. Kieback&Peter recommends all affected users contact their local Kieback&Peter office to update the firmware of the supported DDC systems to v1.21.0 or later. (string)

base64 : false (boolean)

}

]

}

]

datePublic : 2024-10-17T16:36:00.000Z (string)

references : [ »

0 : { »

url : https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05 (string)

}

]

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-1391 (string)

description : CWE-1391 Use of Weak Credentials (string)

}

]

}

]

providerMetadata : { »

orgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

shortName : icscert (string)

dateUpdated : 2024-10-22T21:23:17.403Z (string)

}

cveMetadata : { »

cveId : CVE-2024-43698 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-23T14:42:24.238Z (string)

dateReserved : 2024-08-21T18:03:31.231Z (string)

assignerOrgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

datePublished : 2024-10-22T21:23:17.403Z (string)

assignerShortName : icscert (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Kieback & Peter's DDC4000 series\u00a0uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system."}, {"lang": "es", "value": " La serie DDC4000 de Kieback &amp; Peter utiliza credenciales d\u00e9biles, lo que puede permitir que un atacante no autenticado obtenga derechos de administrador completos en el sistema."}], "id": "CVE-2024-43698", "lastModified": "2024-10-23T15:12:34.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-10-22T22:15:04.943", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1391"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. (string)

}

1 : { »

lang : es (string)

value : La serie DDC4000 de Kieback & Peter utiliza credenciales débiles, lo que puede permitir que un atacante no autenticado obtenga derechos de administrador completos en el sistema. (string)

}

]

id : CVE-2024-43698 (string)

lastModified : 2024-10-23T15:12:34.673 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : ics-cert@hq.dhs.gov (string)

type : Secondary (string)

}

]

cvssMetricV40 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackRequirements : NONE (string)

attackVector : NETWORK (string)

automatable : NOT_DEFINED (string)

availabilityRequirements : NOT_DEFINED (string)

baseScore : 9.3 (number)

baseSeverity : CRITICAL (string)

confidentialityRequirements : NOT_DEFINED (string)

exploitMaturity : NOT_DEFINED (string)

integrityRequirements : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubsequentSystemAvailability : NOT_DEFINED (string)

modifiedSubsequentSystemConfidentiality : NOT_DEFINED (string)

modifiedSubsequentSystemIntegrity : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedVulnerableSystemAvailability : NOT_DEFINED (string)

modifiedVulnerableSystemConfidentiality : NOT_DEFINED (string)

modifiedVulnerableSystemIntegrity : NOT_DEFINED (string)

privilegesRequired : NONE (string)

providerUrgency : NOT_DEFINED (string)

recovery : NOT_DEFINED (string)

safety : NOT_DEFINED (string)

subsequentSystemAvailability : NONE (string)

subsequentSystemConfidentiality : NONE (string)

subsequentSystemIntegrity : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

version : 4.0 (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

vulnerableSystemAvailability : HIGH (string)

vulnerableSystemConfidentiality : HIGH (string)

vulnerableSystemIntegrity : HIGH (string)

}

source : ics-cert@hq.dhs.gov (string)

type : Secondary (string)

}

]

}

published : 2024-10-22T22:15:04.943 (string)

references : [ »

0 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05 (string)

}

]

sourceIdentifier : ics-cert@hq.dhs.gov (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-1391 (string)

}

]

source : ics-cert@hq.dhs.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object