ICSA-24-291-05 · Published 2024-10-17
Kieback&Peter DDC4000 Series
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full administrator rights on the system.
CVEs (3)
Remediations
- Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are considered End-of-Life (EOL) and are no longer supported. Users operating these controllers should ensure they are operated in a strictly separate OT environment and consider updating to a supported controller.
- Kieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.
- Kieback&Peter recommends that all affected customers contact their local Kieback&Peter office to update the firmware of the supported DDC systems to v1.21.0 or later.
Affected Vendors
Kieback&Peter
Affected Products (10)
- Kieback&Peter DDC4002: <=1.12.14
- Kieback&Peter DDC4100: <=1.7.4
- Kieback&Peter DDC4200: <=1.12.14
- Kieback&Peter DDC4200-L: <=1.12.14
- Kieback&Peter DDC4400: <=1.12.14
- Kieback&Peter DDC4002e: <=1.17.6
- Kieback&Peter DDC4200e: <=1.17.6
- Kieback&Peter DDC4400e: <=1.17.6
- Kieback&Peter DDC4020e: <=1.17.6
- Kieback&Peter DDC4040e: <=1.17.6
Affected Sectors
Critical Infrastructure Sectors, Commercial Facilities Sector, Communications Sector, Financial Services Sector, Food and Agriculture Sector, Government Services and Facilities Sector, Healthcare and Public Health Sector, Information Technology Sector