Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-32754
PUBLISHED
More InfoOfficial Page
Assigner-jci
Assigner Org ID-7281d04a-a537-43df-bfb4-fa4110af9d01
View Known Exploited Vulnerability (KEV) details
Published At-04 Jul, 2024 | 10:43
Updated At-27 Aug, 2025 | 20:42
Rejected At-
▼CVE Numbering Authority (CNA)
Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

Affected Products
Vendor
Johnson Controls
Product
Kantech KT1 Door Controller, Rev01
Default Status
unaffected
Versions
Affected
  • From 0 through 2.09.10 (custom)
Vendor
Johnson Controls
Product
Kantech KT2 Door Controller, Rev01
Default Status
unaffected
Versions
Affected
  • From 0 through 2.09.10 (custom)
Vendor
Johnson Controls
Product
Kantech KT400 Door Controller, Rev01
Default Status
unaffected
Versions
Affected
  • From 0 through 3.01.16 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.13.1LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-117CAPEC-117: Interception
CAPEC ID: CAPEC-117
Description: CAPEC-117: Interception
Solutions

Update Kantech door controllers as follows: * Update Kantech KT1 Door Controller to at least version 3.10.12 * Update Kantech KT2 Door Controller to at least version 3.10.12 * Update Kantech KT400 Door Controller to at least version 3.03

Configurations
Workarounds
Exploits
Credits
finder
National Computer Emergency Response Team (CERT) of India
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01
N/A
Hyperlink: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
x_transferred
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01
x_transferred
Hyperlink: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Resource:
x_transferred
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01
Resource:
x_transferred
Details not found