CVE-2024-43698
published 2024-10-22CVE-2024-43698: Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.
PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.43%
34.4th percentile
Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kieback_peter | ddc4002 | <= 1.12.14 | — |
| kieback_peter | ddc4002e | <= 1.17.6 | — |
| kieback_peter | ddc4020e | <= 1.17.6 | — |
| kieback_peter | ddc4040e | <= 1.17.6 | — |
| kieback_peter | ddc4100 | <= 1.7.4 | — |
| kieback_peter | ddc4200 | <= 1.12.14 | — |
| kieback_peter | ddc4200-l | <= 1.12.14 | — |
| kieback_peter | ddc4200e | <= 1.17.6 | — |
| kieback_peter | ddc4400 | <= 1.12.14 | — |
| kieback_peter | ddc4400e | <= 1.17.6 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated access attempts to /etc/passwd on Kieback&Peter DDC4000 series devices, which could indicate exploitation of credential exposure vulnerabilities chained with CVE-2024-43698 weak credentials. ↗
- →Alert on unauthenticated remote connections achieving administrative access on DDC4000 series devices (DDC4002, DDC4100, DDC4200, DDC4200-L, DDC4400, DDC4002e, DDC4200e, DDC4400e, DDC4020e, DDC4040e) running firmware versions at or below the affected thresholds. ↗
- →Monitor for path traversal patterns in HTTP requests targeting DDC4000 series devices, which may be used to read arbitrary files (e.g., /etc/passwd) as a precursor to credential cracking and admin takeover via weak default credentials. ↗
- ·DDC4002, DDC4100, DDC4200, DDC4200-L, and DDC4400 are End-of-Life and will not receive patches; detection and network isolation are the only mitigations for these models. ↗
- ·Supported DDC4000e series devices require firmware update to v1.21.0 or later to remediate CVE-2024-43698 and related vulnerabilities. ↗
- ·No known public exploitation of CVE-2024-43698 has been reported at time of advisory publication, but the vulnerability is remotely exploitable with low attack complexity (CVSS v4 9.3). ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Kieback&Peter DDC4000 Series
cisa_ics·2024-10-17·CVSS 9.3
[CRITICAL] Kieback&Peter DDC4000 Series
ICS Advisory
##
Kieback&Peter DDC4000 Series
Release DateOctober 17, 2024
Alert CodeICSA-24-291-05
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Kieback&Peter
- Equipment: DDC4000 Series
- Vulnerabilities: Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full administrator rights on the system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Kieback&Peter DDC4000 series products are affected:
- DDC4002 : Versions 1.12.14 and prior
- DDC4
GHSA
GHSA-v47r-mpm7-6768: Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system
ghsa_unreviewed·2024-10-23
CVE-2024-43698 [CRITICAL] CWE-1391 GHSA-v47r-mpm7-6768: Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system
Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-22
Published