BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·15d ago

Kieback & Peter DDC Building Controllers

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-05.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. /strong /p p The following versions of Kieback amp; Peter DDC Building Controllers are affected: /p ul li DDC4002 lt;=1.12.14 (CVE-2026-4293) /li li DDC4100 lt;=1.12.14 (CVE-2026-4293) /li li DDC4200 lt;=1.12.14 (CVE-2026-4293) /li li DDC4200-L lt;=1.12.14 (CVE-2026-4293) /li li DDC4400 lt;=1.12.14 (CVE-2026-4293) /li li DDC4002e lt;=1.23.4 (CVE-2026-4293) /li li DDC4200e lt;=1.23.4 (CVE-2026-4293) /li li DDC4400e lt;=1.23.4 (CVE-2026-4293) /li li DDC4020e lt;=1.23.4 (CVE-2026-4293) /li li DDC4040e lt;=1.23.4 (CVE-2026-4293) /li li DDC520 lt;=1.24.1 (CVE-2026-4293) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 5.3 /td td Kieback amp; Peter /td td Kieback amp; Peter DDC Building Controllers /td td Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Commercial Facilities, Communications, Financial Services, Food and Agriculture, Government Services and Facilities, Healthcare and Public Health, Information Technology /li li strong Countries/Areas Deployed: /strong Austria, China, France, Germany, United Arab Emirates /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2026-4293 /a /h3 div class= csaf-accordion-content p The affected products are vulnerable to cross-site scripting (XSS), enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser. /p p a href= https://www.cve.org/CVERecord?id=CVE-2026-4293 View CVE Details /a /p hr h4 Affected Products /h4 h5 Kieback amp; Peter DDC Building Controllers /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Kieback amp; Peter /div div class= ics-version strong Product Version: /strong br Kieback amp; Peter DDC4002: lt;=1.12.14, Kieback amp; Peter DDC4100: lt;=1.12.14, Kieback amp; Peter DDC4200: lt;=1.12.14, Kieback amp; Peter DDC4200-L: lt;=1.12.14, Kieback amp; Peter DDC4400: lt;=1.12.14, Kieback amp; Peter DDC4002e: lt;=1.23.4, Kieback amp; Peter DDC4200e: lt;=1.23.4, Kieback amp; Peter DDC4400e: lt;=1.23.4, Kieback amp; Peter DDC4020e: lt;=1.23.4, Kieback amp; Peter DDC4040e: lt;=1.23.4, Kieback amp; Peter DDC520: lt;=1.24.1 /d

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-05

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin