CVE-2024-4008

Summary

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System

Affected Software

VendorProductVersion RangeStatus
ABB, Busch-Jaeger2.4! Display 55, SD/U12.55.11-8251.00affected
ABB, Busch-Jaeger2.4! Display 55, SD/SD/U12.55.1-8251.00affected
ABB, Busch-Jaeger2.4! Display 63, SD/U12.63.11-8251.00affected
ABB, Busch-JaegerRoomTouch 4", RT/U12.86.1-8251.00affected
ABB, Busch-JaegerRoomTouch 4", RT/U12.86.11-8251.00affected
ABB, Busch-Jaeger2,4’’ Display 70, SD/U12.70.11-40151.00affected
ABB, Busch-Jaeger2,4’’ Display 70, SD-U12-70-1-40151.00affected
ABB, Busch-JaegerRoomTouch 4", RT/U12.86.11-8111.00affected
ABB, Busch-JaegerRoomTouch 4", RT-U12-86-1-8111.00affected
ABB, Busch-JaegerBCU KNX, BA-U1.0.111.3.0.33affected
ABB, Busch-JaegerBCU KNX, BA-U1.0.11.3.0.33affected
ABB, Busch-JaegerBCU KNX, BA-U1.0.211.3.0.33affected

Weaknesses

  • CWE-497: CWE-497 [LLM] Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References