Kieback&Peter DDC4000 Series
Act Now · Severity score: 9.8 · ICS-CERT ICSA-24-291-05 · Oct 17, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple critical vulnerabilities in Kieback&Peter DDC4000 series direct digital controllers (path traversal, credentials exposed in storage, and a default privilege issue) allow an unauthenticated attacker with network access to gain full administrator rights on the device. Legacy models DDC4002, DDC4100, DDC4200, DDC4200-L, and DDC4400 are end-of-life and will not receive patches. Newer supported models DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e can be patched to firmware version 1.21.0 or later.
What this means
What could happen
An unauthenticated attacker with network access to the device could gain full administrator rights and run arbitrary commands on building automation controllers, potentially altering HVAC setpoints, disabling safety interlocks, or shutting down controlled systems.
Who's at risk
Building automation engineers and facility operators using Kieback&Peter DDC4000 series controllers for HVAC, lighting, and equipment control in commercial buildings, hospitals, data centers, and industrial plants. Both legacy EOL models (DDC4002, DDC4100, DDC4200, DDC4200-L, DDC4400) and newer supported models (DDC4002e, DDC4200e, DDC4400e, DDC4020e, DDC4040e) are affected.
How it could be exploited
An attacker on the network can send crafted requests to the device without providing any credentials. The vulnerabilities described above (path traversal, credentials exposed in storage, and a default-privilege flaw) let the attacker bypass authentication checks and obtain administrator privileges, from which arbitrary commands can be executed on the controller.
Prerequisites
- Network access to the DDC4000 series device (direct LAN access or via compromised internal network)
- No valid credentials required
Tags: remotely exploitable · no authentication required · low complexity · no patch available for EOL models · affects control systems and building safety/operations
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (10)
2 with fix, 8 EOL

Product      Affected Versions   Fix Status
DDC4002      ≤ 1.12.14           No fix (EOL)
DDC4002e     ≤ 1.17.6            No fix (EOL)
DDC4200-L    ≤ 1.12.14           No fix (EOL)
DDC4200e     ≤ 1.17.6            No fix (EOL)
DDC4100      ≤ 1.7.4             No fix (EOL)
DDC4200      ≤ 1.12.14           No fix (EOL)
DDC4400      ≤ 1.12.14           No fix (EOL)
DDC4400e     ≤ 1.17.6            No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to DDC devices; ensure they are not reachable from the internet or untrusted networks, and use firewall rules to allow only required engineering/monitoring traffic from authorized workstations.

Schedule (requires maintenance window)
Patching may require a device reboot; plan for process interruption.
- HOTFIX: For EOL models (DDC4002, DDC4100, DDC4200, DDC4200-L, DDC4400): evaluate the business case for hardware replacement with supported models (DDC4002e, DDC4200e, DDC4400e, DDC4020e, DDC4040e).
- HOTFIX: For supported models (DDC4002e, DDC4200e, DDC4400e, DDC4020e, DDC4040e): contact Kieback&Peter to update firmware to version 1.21.0 or later.

Mitigations (no patch available)
The following products have reached End of Life with no planned fix: DDC4002 ≤ 1.12.14, DDC4002e ≤ 1.17.6, DDC4200-L ≤ 1.12.14, DDC4200e ≤ 1.17.6, DDC4100 ≤ 1.7.4, DDC4200 ≤ 1.12.14, DDC4400 ≤ 1.12.14, DDC4400e ≤ 1.17.6. Apply the following compensating controls:
- HARDENING: Isolate all DDC4000 series devices on a separate OT network segment, physically separated from business/IT networks using firewalls or an air-gapped design.
- HARDENING: If remote access to DDC devices is required, implement VPN with multi-factor authentication and keep the VPN software updated to the latest version.
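Added example (not part of the advisory or of any vendor tooling): a Python triage script that applies the advisory's model list and firmware thresholds to a site inventory, labelling each controller as EOL (compensating controls and replacement only), patchable to 1.21.0, or outside this advisory's scope. The inventory rows, hostnames and firmware values are constructed for illustration.

```python
import csv
import io

# Highest affected firmware per model, as listed in the advisory table (ICSA-24-291-05).
AFFECTED_MAX = {
    "DDC4002": "1.12.14", "DDC4100": "1.7.4", "DDC4200": "1.12.14",
    "DDC4200-L": "1.12.14", "DDC4400": "1.12.14",
    "DDC4002e": "1.17.6", "DDC4200e": "1.17.6", "DDC4400e": "1.17.6",
}
EOL_MODELS = {"DDC4002", "DDC4100", "DDC4200", "DDC4200-L", "DDC4400"}
SUPPORTED_MODELS = {"DDC4002e", "DDC4200e", "DDC4400e", "DDC4020e", "DDC4040e"}
FIXED_VERSION = "1.21.0"  # version the advisory names as fixed for supported models

def parse_version(text):
    """'1.12.14' or 'v1.12.14' -> (1, 12, 14), so tuples compare numerically."""
    return tuple(int(p) for p in text.strip().lstrip("vV").split("."))

def triage(model, firmware):
    """Return (in_listed_affected_range, recommended_action) for one controller.

    Models with no table entry (e.g. DDC4020e) report False for the range flag,
    but still get the firmware-update action when below FIXED_VERSION."""
    ver = parse_version(firmware)
    ceiling = AFFECTED_MAX.get(model)
    in_range = ceiling is not None and ver <= parse_version(ceiling)
    if model in EOL_MODELS:
        # No patch will ship for these: compensating controls and replacement only.
        return in_range, "EOL: isolate on an OT segment and plan replacement"
    if model in SUPPORTED_MODELS:
        if ver >= parse_version(FIXED_VERSION):
            return False, "fixed: firmware is 1.21.0 or later"
        return in_range, "update firmware to 1.21.0 or later via Kieback&Peter"
    return False, "not covered by this advisory: verify manually"

# Constructed inventory; hostnames and versions are illustrative only.
INVENTORY_CSV = """host,model,firmware
ahu-01,DDC4002,1.12.14
chiller-02,DDC4200e,1.17.6
boiler-03,DDC4400e,1.21.0
lobby-04,DDC4020e,v1.18.2
plc-05,OtherPLC,3.0.1
"""

def triage_inventory(csv_text):
    """(host, model, in_listed_affected_range, action) for each inventory row."""
    return [(r["host"], r["model"], *triage(r["model"], r["firmware"]))
            for r in csv.DictReader(io.StringIO(csv_text))]

if __name__ == "__main__":
    for host, model, in_range, action in triage_inventory(INVENTORY_CSV):
        print(f"{host:12} {model:10} listed_affected={in_range!s:5} {action}")
```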