Lucene search

[email protected]CVE-2023-3127

HistoryJul 11, 2023 - 10:15 p.m.

CVE-2023-3127

2023-07-1122:15:09

CWE-287

[email protected]

web.nvd.nist.gov

cve-2023-3127

istar ultra

istar ultra lt

istar ultra g2

istar edge g2

unauthenticated access

admin rights

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.8%

JSON

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.

Affected configurations

NVD

Node

johnsoncontrolsistar_ultraMatch-

AND

johnsoncontrolsistar_ultra_firmwareRange6.8.6–6.9.2

johnsoncontrolsistar_ultra_firmwareMatch6.9.2-

Node

johnsoncontrolsistar_ultra_ltMatch-

AND

johnsoncontrolsistar_ultra_lt_firmwareRange6.8.6–6.9.2

johnsoncontrolsistar_ultra_lt_firmwareMatch6.9.2-

Node

johnsoncontrolsistar_ultra_g2Match-

AND

johnsoncontrolsistar_ultra_g2_firmwareRange<6.9.2

johnsoncontrolsistar_ultra_g2_firmwareMatch6.9.2-

Node

johnsoncontrolsedge_g2Match-

AND

johnsoncontrolsedge_g2_firmwareRange<6.9.2

johnsoncontrolsedge_g2_firmwareMatch6.9.2-

CPENameOperatorVersion
johnsoncontrols:istar_ultra_firmwarejohnsoncontrols istar ultra firmwarelt6.9.2

CPE	Name	Operator	Version
johnsoncontrols:istar_ultra_firmware	johnsoncontrols istar ultra firmware	lt	6.9.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "iSTAR Ultra",
    "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
    "versions": [
      {
        "lessThan": "6.9.2 CU01",
        "status": "affected",
        "version": ">6.8.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iSTAR Ultra LT",
    "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
    "versions": [
      {
        "lessThan": "6.9.2 CU01",
        "status": "affected",
        "version": ">6.8.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iSTAR Ultra G2",
    "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
    "versions": [
      {
        "lessThan": "6.9.2 CU01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iSTAR Edge G2",
    "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
    "versions": [
      {
        "lessThan": "6.9.2 CU01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-192-02

www.johnsoncontrols.com/cyber-solutions/security-advisories

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.8%

JSON

Related for CVE-2023-3127

ics1 prion1 nvd1 cvelist1