← Retour aux CVEs
CVE-2024-32754
LOW3.1
Description
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.
Details CVE
Score CVSS v3.13.1
SeveriteLOW
Vecteur CVSSCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vecteur d'attaqueADJACENT_NETWORK
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurNONE
Publie7/4/2024
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-200
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01(productsecurity@jci.com)
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories(productsecurity@jci.com)
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.