CVE-2018-15484

CRITICAL

KONE Group Controller Firmware < 4.6.5 - Unauthenticated Remote Code Execution via autoexec.bat Modification

Title source: llm

Description

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.

References (2)

Core References
Vendor Advisory (x_refsource_confirm): https://www.kone.com/en/vulnerability.aspx

Scores

CVSS v3: 9.8
EPSS: 0.0766
EPSS Percentile: 93.8%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-78
Status: published
Products (1): kone/group_controller_firmware < 4.6.5
Published: Sep 07, 2018
Tracked Since: Feb 18, 2026