Controller Broadcasts Personal Information During Factory Reset
CVE-2024-32754

3.1LOW

Key Information:

Vendor: Johnson Controls
Status: Kantech Kt1 Door Controller, Rev01; Kantech Kt2 Door Controller, Rev01; Kantech Kt400 Door Controller, Rev01
Vendor: CVE Published:; 4 July 2024

🔔 Create Johnson Controls Vulnerability Alert

What is CVE-2024-32754?

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kantech KT1 Door Controller, Rev01 0 <= 2.09.10

Kantech KT2 Door Controller, Rev01 0 <= 2.09.10

Kantech KT400 Door Controller, Rev01 0 <= 3.01.16

References

https://www.johnsoncontrols.com/trust-center/cybersecurit...

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 4, 2024
Vulnerability Reserved
Apr 17, 2024

Credit

National Computer Emergency Response Team (CERT) of India

JSON

Johnson Controls

What is CVE-2024-32754?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.