Johnson Controls released an advisory concerning a vulnerability in its Kantech KT1, KT2, and KT400 door controllers. This flaw, identified as CVE-2024-32754, allows sensitive information like MAC addresses, serial numbers, and firmware versions to be exposed when the controller is in factory reset mode. Once configured, the controller stops broadcasting this data, but during the initial setup phase, unauthorized actors could gain access to this information, posing a risk to confidentiality.
The vulnerability has been assigned a CVSS v3.1 base score of 3.1, indicating a low-level security threat. The risk evaluation notes that this vulnerability is only exploitable via an adjacent network, and it is not accessible remotely. Successful exploitation could allow attackers to intercept sensitive data, which might be used to compromise the controller. This specific weakness is due to insufficient safeguards in protecting sensitive information during the controller’s factory reset mode.
Johnson Controls recommends users update their door controllers to mitigate this vulnerability. The advised updates include upgrading KT1 and KT2 door controllers to at least version 3.10.12, and KT400 to version 3.03. Detailed mitigation instructions are available in Johnson Controls’ Product Security Advisory. Following best practices, CISA suggests minimizing network exposure of control system devices, ensuring they are isolated from the internet and using secure methods such as VPNs for remote access.
No known public exploits have been reported regarding this vulnerability, and it requires high attack complexity. CISA encourages organizations to follow cybersecurity best practices, such as impact assessments and defensive measures, to safeguard their systems. While the vulnerability has not been widely exploited, proper updates and network security measures are necessary to prevent potential risks.
