← Back to CVEs
CVE-2024-32754
LOW3.1
Description
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.
CVE Details
CVSS v3.1 Score3.1
SeverityLOW
CVSS VectorCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorADJACENT_NETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published7/4/2024
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-200
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01(productsecurity@jci.com)
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories(productsecurity@jci.com)
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.