CVE-2024-32754 (GCVE-0-2024-32754)
Vulnerability from cvelistv5
Published
2024-07-04 10:43
Modified
2025-08-27 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Johnson Controls | Kantech KT1 Door Controller, Rev01 |
Version: 0 < |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T19:54:50.619118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:54.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kantech KT1 Door Controller, Rev01",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "2.09.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Kantech KT2 Door Controller, Rev01",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "2.09.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Kantech KT400 Door Controller, Rev01",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "3.01.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "National Computer Emergency Response Team (CERT) of India"
}
],
"datePublic": "2024-07-02T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnder certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.\u003c/span\u003e\n\n"
}
],
"value": "Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117: Interception"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-04T10:46:41.686Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eUpdate Kantech door controllers as follows:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eUpdate Kantech KT1 Door Controller to at least version 3.10.12\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eUpdate Kantech KT2 Door Controller to at least version 3.10.12\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eUpdate Kantech KT400 Door Controller to at least version 3.03\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Update Kantech door controllers as follows:\n\n * Update Kantech KT1 Door Controller to at least version 3.10.12\n\n\n * Update Kantech KT2 Door Controller to at least version 3.10.12\n\n\n * Update Kantech KT400 Door Controller to at least version 3.03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2024-32754",
"datePublished": "2024-07-04T10:43:46.161Z",
"dateReserved": "2024-04-17T17:26:35.180Z",
"dateUpdated": "2025-08-27T20:42:54.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:20:35.575Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32754\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-05T19:54:50.619118Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-08T18:03:54.658Z\"}}], \"cna\": {\"title\": \"Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"National Computer Emergency Response Team (CERT) of India\"}], \"impacts\": [{\"capecId\": \"CAPEC-117\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-117: Interception\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.1, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Johnson Controls\", \"product\": \"Kantech KT1 Door Controller, Rev01\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.09.10\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"Kantech KT2 Door Controller, Rev01\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.09.10\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"Kantech KT400 Door Controller, Rev01\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.01.16\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update Kantech door controllers as follows:\\n\\n * Update Kantech KT1 Door Controller to at least version 3.10.12\\n\\n\\n * Update Kantech KT2 Door Controller to at least version 3.10.12\\n\\n\\n * Update Kantech KT400 Door Controller to at least version 3.03\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003eUpdate Kantech door controllers as follows:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eUpdate Kantech KT1 Door Controller to at least version 3.10.12\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eUpdate Kantech KT2 Door Controller to at least version 3.10.12\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eUpdate Kantech KT400 Door Controller to at least version 3.03\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-07-02T16:30:00.000Z\", \"references\": [{\"url\": \"https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eUnder certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.\u003c/span\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"7281d04a-a537-43df-bfb4-fa4110af9d01\", \"shortName\": \"jci\", \"dateUpdated\": \"2024-07-04T10:46:41.686Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-32754\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-27T20:42:54.379Z\", \"dateReserved\": \"2024-04-17T17:26:35.180Z\", \"assignerOrgId\": \"7281d04a-a537-43df-bfb4-fa4110af9d01\", \"datePublished\": \"2024-07-04T10:43:46.161Z\", \"assignerShortName\": \"jci\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…