PatchSiren

Kieback&Peter CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Kieback & Peter CVE published 2026-05-19

CVE-2026-4293

CVE-2026-4293 is a CVSS 5.3 medium-severity cross-site scripting issue affecting Kieback & Peter DDC building controllers. The published description says attacker-controlled JavaScript can execute in the victim’s browser, which can give the attacker control over that browser context. The NVD record was published on 2026-05-20 and was still marked "Awaiting Analysis" in the supplied source snapshot, so def [truncated]

HIGH Kieback&Peter CVE published 2024-10-17

CVE-2024-43812

A vulnerability in Kieback&Peter DDC4000 series building automation controllers allows unauthenticated attackers with local access to read password hashes from /etc/passwd. The affected products span ten controller models across two product generations: legacy DDC4002/DDC4100/DDC4200/DDC4200-L/DDC4400 (firmware ≤1.12.14 or ≤1.7.4) and newer DDC4002e/DDC4200e/DDC4400e/DDC4020e/DDC4040e models (firmware ≤1. [truncated]

CRITICAL Kieback&Peter CVE published 2024-10-17

CVE-2024-43698

A critical vulnerability in Kieback&Peter DDC4000 series building automation controllers enables unauthenticated attackers to gain full administrative access due to weak default credentials. Published October 17, 2024, this flaw affects ten product variants across both legacy (EOL) and currently supported controller lines. The CVSS 9.8 score reflects network exploitable, low-complexity attacks requiring n [truncated]

CRITICAL Kieback & Peter CVE published 2024-10-17

CVE-2024-41717

CVE-2024-41717 is a critical path traversal vulnerability in Kieback&Peter DDC4000 series building automation controllers, published on October 17, 2024. The vulnerability allows unauthenticated remote attackers to read arbitrary files on affected systems, with a CVSS 3.1 score of 9.8 (Critical). The flaw affects ten distinct product variants across two controller generations: legacy DDC4002, DDC4100, DDC [truncated]