Kieback & Peter DDC Building Controllers Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting vulnerability has been identified in the following Kieback & Peter DDC building controllers: DDC4002, DDC4100, DDC4200, DDC4200-L, DDC4400, DDC4002e, DDC4200e, DDC4400e, DDC4020e, DDC4040e, and DDC520. This vulnerability allows JavaScript to be executed in the victim's browser, potentially giving an attacker control over the browser session.

Impact

Exploitation of this vulnerability could allow an attacker to take control of the victim's browser.

Remediation

For the DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers, Kieback & Peter recommends updating the firmware to the latest available version and restricting network access to the device. For the DDC4002e, DDC4200e, DDC4400e, DDC4020e, and DDC4040e controllers, users should update to version 1.23.5 or newer. For the DDC520, the recommended version is 1.24.2 or newer.

Added: May 20, 2026, 4:27 PM
Updated: May 20, 2026, 4:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 4.8
remediation: 0.0
relevance: 8.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.