Lucene search

JciCVE-2024-32752

HistoryJun 06, 2024 - 9:15 p.m.

CVE-2024-32752

2024-06-0621:15:48

CWE-306

jci

web.nvd.nist.gov

icu

istar pro

middle attacks

communications

susceptibility

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS4

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

7.1

Confidence

Low

EPSS

Percentile

9.0%

JSON

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Software House iSTAR Pro, ICU",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThanOrEqual": "ALL",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-158-04

www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS4

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

7.1

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-32752