{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-32754",
        "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "state": "PUBLISHED",
        "assignerShortName": "jci",
        "dateReserved": "2024-04-17T17:26:35.180Z",
        "datePublished": "2024-07-04T10:43:46.161Z",
        "dateUpdated": "2024-08-02T02:20:35.575Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "product": "Kantech KT1 Door Controller, Rev01",
                    "vendor": "Johnson Controls",
                    "versions": [
                        {
                            "lessThanOrEqual": "2.09.10",
                            "status": "affected",
                            "version": "0",
                            "versionType": "custom"
                        }
                    ]
                },
                {
                    "defaultStatus": "unaffected",
                    "product": "Kantech KT2 Door Controller, Rev01",
                    "vendor": "Johnson Controls",
                    "versions": [
                        {
                            "lessThanOrEqual": "2.09.10",
                            "status": "affected",
                            "version": "0",
                            "versionType": "custom"
                        }
                    ]
                },
                {
                    "defaultStatus": "unaffected",
                    "product": "Kantech KT400 Door Controller, Rev01",
                    "vendor": "Johnson Controls",
                    "versions": [
                        {
                            "lessThanOrEqual": "3.01.16",
                            "status": "affected",
                            "version": "0",
                            "versionType": "custom"
                        }
                    ]
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "type": "finder",
                    "value": "National Computer Emergency Response Team (CERT) of India"
                }
            ],
            "datePublic": "2024-07-02T16:30:00.000Z",
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version.  Once configured, the controller will no longer broadcast this information.</span>\n\n"
                        }
                    ],
                    "value": "Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version.  Once configured, the controller will no longer broadcast this information."
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-117",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-117: Interception"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "HIGH",
                        "attackVector": "ADJACENT_NETWORK",
                        "availabilityImpact": "NONE",
                        "baseScore": 3.1,
                        "baseSeverity": "LOW",
                        "confidentialityImpact": "LOW",
                        "integrityImpact": "NONE",
                        "privilegesRequired": "NONE",
                        "scope": "UNCHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-200",
                            "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
                "shortName": "jci",
                "dateUpdated": "2024-07-04T10:46:41.686Z"
            },
            "references": [
                {
                    "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
                },
                {
                    "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01"
                }
            ],
            "solutions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "\n\n<p>Update Kantech door controllers as follows:</p><ul><li><p>Update Kantech KT1 Door Controller to at least version 3.10.12</p></li><li><p>Update Kantech KT2 Door Controller to at least version 3.10.12</p></li><li><p>Update Kantech KT400 Door Controller to at least version 3.03</p></li></ul>"
                        }
                    ],
                    "value": "Update Kantech door controllers as follows:\n\n  *  Update Kantech KT1 Door Controller to at least version 3.10.12\n\n\n  *  Update Kantech KT2 Door Controller to at least version 3.10.12\n\n\n  *  Update Kantech KT400 Door Controller to at least version 3.03"
                }
            ],
            "source": {
                "discovery": "UNKNOWN"
            },
            "title": "Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information",
            "x_generator": {
                "engine": "Vulnogram 0.2.0"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-07-05T19:54:50.619118Z",
                                "id": "CVE-2024-32754",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-07-08T18:03:58.134Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-02T02:20:35.575Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}