CVE-2024-32754
LOW
Johnson Controls Kantech KT1, KT2, KT400 - Unauthenticated Sensitive Info Exposure via Factory Reset
Title source: llm
Description
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01
Scores
CVSS v3
3.1
EPSS
0.0022
EPSS Percentile
12.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (3)
Johnson Controls/Kantech KT1 Door Controller, Rev01
< 2.09.10
Johnson Controls/Kantech KT2 Door Controller, Rev01
< 2.09.10
Johnson Controls/Kantech KT400 Door Controller, Rev01
< 3.01.16
Published
Jul 04, 2024
Tracked Since
Feb 18, 2026