CVE-2024-45861

9.2

Critical

Published:19 Sep 2024

Last updated:17 Jun 2026

Source:ics-cert@hq.dhs.gov

Analyzed

Weakness (CWE)

CWE-798Use of Hard-coded Credentials

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): None
Availability (Vulnerable): None
Confidentiality (Subsequent): High
Integrity (Subsequent): None
Availability (Subsequent): None

View on MITRE Find PoC on GitHub

Description

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.

References

ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05