Kieback & Peter DDC Building Controllers

CISA Cybersecurity Advisories, 19/05/2026, 12:00

Summary

AI-Generated

Key Points:

  • Kieback & Peter DDC Building Controllers are vulnerable to cross-site scripting (XSS) due to improper input neutralization (CVE-2026-4293), allowing attackers to execute JavaScript in the victim's browser.
  • Affected products include DDC4002, DDC4100, DDC4200, DDC4400, and others. The CVSS score of 5.3 indicates medium severity. Exploitation could lead to unauthorized control over users' browsers.
  • Users are advised to minimize network exposure of control systems, implement firewalls, and utilize secure remote access methods like VPNs. Regular updates and risk assessments are also recommended.

Technical Details: The vulnerability allows for JavaScript execution via XSS, enabling potential control over the victim's browser. The affected versions range from <=1.12.14 to <=1.24.1 across multiple product lines.

MITRE ATT&CK Techniques: None mentioned

IOCs Mentioned: None mentioned
