CVE-2024-0242 Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub

🗓️ 08 Feb 2024 19:34:14Reported by jciType

Unauthorized access to Qolsys IQ Panel 4 and IQ4 Hub setting

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the microprogrammed software in wireless alarm systems such as IQ Panel 4 and IQ4 Hub, related to insufficient protection of operational data, allows a intruder to alter the settings of the device.	14 Feb 202400:00	–	bdu_fstec
Circl	CVE-2024-0242	8 Feb 202421:31	–	circl
CNNVD	Qolsys IQ Panel 4 and Qolsys IQ4 Hub Security Vulnerabilities	8 Feb 202400:00	–	cnnvd
CVE	CVE-2024-0242	8 Feb 202419:34	–	cve
EUVD	EUVD-2024-16039	3 Oct 202520:07	–	euvd
ICS	Qolsys IQ Panel 4, IQ4 HUB	8 Feb 202407:00	–	ics
NVD	CVE-2024-0242	8 Feb 202420:15	–	nvd
OSV	CVE-2024-0242	8 Feb 202420:15	–	osv
Prion	Design/Logic Flaw	8 Feb 202420:15	–	prion
Positive Technologies	PT-2024-1630 · Qolsys · Qolsys Iq4 Hub +1	8 Feb 202400:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "IQ Panel 4",
    "vendor": "Qolsys, Inc.",
    "versions": [
      {
        "lessThan": "4.4.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "IQ4 Hub",
    "vendor": "Qolsys, Inc.",
    "versions": [
      {
        "lessThan": "4.4.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
johnsoncontrols	www.johnsoncontrols.com/cyber-solutions/security-advisories
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-039-01

08 Feb 2024 19:34Current

9.6High risk

Vulners AI Score9.6

CVSS 3.17.3

EPSS0.00585

CWE-200

cve-2024-0242 unauthorized access qolsys iq panel 4 iq4 hub settings software vulnerability