VYPR
Vendor

Kieback & Peter

Products
3
CVEs
5
Across products
5
Status
Private

Products

3

Recent CVEs

5
  • CVE-2024-43698CriOct 22, 2024
    risk 0.64cvss 9.8epss 0.00

    Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.

  • CVE-2024-41717CriOct 22, 2024
    risk 0.64cvss 9.8epss 0.01

    Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system.

  • CVE-2024-43812HigOct 22, 2024
    risk 0.55cvss 8.4epss 0.00

    Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system.

  • CVE-2025-6225MedJan 7, 2026
    risk 0.45cvss epss 0.01

    Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02

  • CVE-2026-4293MedMay 20, 2026
    risk 0.34cvss 5.3epss 0.00

    The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.