Sebastian9Er

**Name of the Vulnerable Software and Affected Versions** KONE Group Controller (KGC) versions prior to 4.6.5 **Description** An issue was discovered that allows Denial of Service to occur through the open HTTP interface. **Recommendations** For versions prior to 4.6.5, update to version 4.6.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KONE Group Controller (KGC) versions prior to 4.6.5 **Description** An issue allows unauthenticated remote code execution through the open HTTP interface by modifying `autoexec.bat`. **Recommendations** For versions prior to 4.6.5, update to version 4.6.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KONE Group Controller (KGC) versions prior to 4.6.5 **Description** An issue allows unauthenticated Local File Inclusion and File modification through the open HTTP interface. This can be achieved by modifying the `name` parameter of the file endpoint. **Recommendations** For versions prior to 4.6.5, update to version 4.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the file endpoint to minimize the risk of exploitation. Avoid using the `name` parameter in the affected endpoint until the issue is resolved.