Kone: >> Group Controller Firmware Security Vulnerabilities
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-09-07
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.
CVSS Score
9.8
EPSS Score
0.083
Published
2018-09-07
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03.
CVSS Score
9.1
EPSS Score
0.011
Published
2018-09-07
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.
CVSS Score
9.1
EPSS Score
0.003
Published
2018-09-07