Lucene search

JciCVE-2023-4804

HistoryNov 10, 2023 - 11:15 p.m.

CVE-2023-4804

2023-11-1023:15:07

CWE-489

jci

web.nvd.nist.gov

cve-2023-4804

unauthorized user

debug features

quantum hd unity

nvd

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

39.1%

JSON

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

Affected configurations

Nvd

Node

johnsoncontrolsquantum_hd_unity_compressorMatch-

AND

johnsoncontrolsquantum_hd_unity_compressor_firmwareRange11.00–11.22

johnsoncontrolsquantum_hd_unity_compressor_firmwareRange12.00–12.22

Node

johnsoncontrolsquantum_hd_unity_acuairMatch-

AND

johnsoncontrolsquantum_hd_unity_acuair_firmwareRange11.00–11.12

johnsoncontrolsquantum_hd_unity_acuair_firmwareRange12.00–12.12

Node

johnsoncontrolsquantum_hd_unity_condenser\/vesselMatch-

AND

johnsoncontrolsquantum_hd_unity_condenser\/vessel_firmwareRange11.00–11.11

johnsoncontrolsquantum_hd_unity_condenser\/vessel_firmwareRange12.00–12.11

Node

johnsoncontrolsquantum_hd_unity_evaporatorMatch-

AND

johnsoncontrolsquantum_hd_unity_evaporator_firmwareRange11.00–11.11

johnsoncontrolsquantum_hd_unity_evaporator_firmwareRange12.00–12.11

Node

johnsoncontrolsquantum_hd_unity_engine_roomMatch-

AND

johnsoncontrolsquantum_hd_unity_engine_room_firmwareRange11.00–11.11

johnsoncontrolsquantum_hd_unity_engine_room_firmwareRange12.00–12.11

Node

johnsoncontrolsquantum_hd_unity_interfaceMatch-

AND

johnsoncontrolsquantum_hd_unity_interface_firmwareRange11.00–11.11

johnsoncontrolsquantum_hd_unity_interface_firmwareRange12.00–12.11

VendorProductVersionCPE
johnsoncontrolsquantum_hd_unity_compressor-cpe:2.3:h:johnsoncontrols:quantum_hd_unity_compressor:-:*:*:*:*:*:*:*
johnsoncontrolsquantum_hd_unity_compressor_firmware*cpe:2.3:o:johnsoncontrols:quantum_hd_unity_compressor_firmware:*:*:*:*:*:*:*:*
johnsoncontrolsquantum_hd_unity_acuair-cpe:2.3:h:johnsoncontrols:quantum_hd_unity_acuair:-:*:*:*:*:*:*:*
johnsoncontrolsquantum_hd_unity_acuair_firmware*cpe:2.3:o:johnsoncontrols:quantum_hd_unity_acuair_firmware:*:*:*:*:*:*:*:*
johnsoncontrolsquantum_hd_unity_condenser\/vessel-cpe:2.3:h:johnsoncontrols:quantum_hd_unity_condenser\/vessel:-:*:*:*:*:*:*:*
johnsoncontrolsquantum_hd_unity_condenser\/vessel_firmware*cpe:2.3:o:johnsoncontrols:quantum_hd_unity_condenser\/vessel_firmware:*:*:*:*:*:*:*:*
johnsoncontrolsquantum_hd_unity_evaporator-cpe:2.3:h:johnsoncontrols:quantum_hd_unity_evaporator:-:*:*:*:*:*:*:*
johnsoncontrolsquantum_hd_unity_evaporator_firmware*cpe:2.3:o:johnsoncontrols:quantum_hd_unity_evaporator_firmware:*:*:*:*:*:*:*:*
johnsoncontrolsquantum_hd_unity_engine_room-cpe:2.3:h:johnsoncontrols:quantum_hd_unity_engine_room:-:*:*:*:*:*:*:*
johnsoncontrolsquantum_hd_unity_engine_room_firmware*cpe:2.3:o:johnsoncontrols:quantum_hd_unity_engine_room_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
johnsoncontrols	quantum_hd_unity_compressor	-	cpe:2.3:h:johnsoncontrols:quantum_hd_unity_compressor:-:::::::*
johnsoncontrols	quantum_hd_unity_compressor_firmware	*	cpe:2.3:o:johnsoncontrols:quantum_hd_unity_compressor_firmware::::::::
johnsoncontrols	quantum_hd_unity_acuair	-	cpe:2.3:h:johnsoncontrols:quantum_hd_unity_acuair:-:::::::*
johnsoncontrols	quantum_hd_unity_acuair_firmware	*	cpe:2.3:o:johnsoncontrols:quantum_hd_unity_acuair_firmware::::::::
johnsoncontrols	quantum_hd_unity_condenser\/vessel	-	cpe:2.3:h:johnsoncontrols:quantum_hd_unity_condenser\/vessel:-:::::::*
johnsoncontrols	quantum_hd_unity_condenser\/vessel_firmware	*	cpe:2.3:o:johnsoncontrols:quantum_hd_unity_condenser\/vessel_firmware::::::::
johnsoncontrols	quantum_hd_unity_evaporator	-	cpe:2.3:h:johnsoncontrols:quantum_hd_unity_evaporator:-:::::::*
johnsoncontrols	quantum_hd_unity_evaporator_firmware	*	cpe:2.3:o:johnsoncontrols:quantum_hd_unity_evaporator_firmware::::::::
johnsoncontrols	quantum_hd_unity_engine_room	-	cpe:2.3:h:johnsoncontrols:quantum_hd_unity_engine_room:-:::::::*
johnsoncontrols	quantum_hd_unity_engine_room_firmware	*	cpe:2.3:o:johnsoncontrols:quantum_hd_unity_engine_room_firmware::::::::

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Quantum HD Unity Compressor",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "11.22",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "12.22",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Quantum HD Unity AcuAir",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "11.12",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "12.12",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Quantum HD Unity Condenser/Vessel",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "11.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "12.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Quantum HD Unity Evaporator",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "11.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "12.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Quantum HD Unity Engine Room",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "11.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "12.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Quantum HD Unity Interface",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "11.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "12.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-313-01

www.johnsoncontrols.com/cyber-solutions/security-advisories

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

39.1%

JSON

Related for CVE-2023-4804