CVE-2025-26379 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator

🗓️ 22 Dec 2025 14:21:29Reported by jciType

CVE-2025-26379: Johnson Controls IQ Panels and PowerG use a weak PRNG, allowing reading or injecting encrypted packets.

Reporter	Title	Published	Views	Family All 8
CNNVD	Johnson Controls IQ series和Johnson Controls PowerG 安全漏洞	22 Dec 202500:00	–	cnnvd
CVE	CVE-2025-26379	22 Dec 202514:21	–	cve
EUVD	EUVD-2025-204711	22 Dec 202514:21	–	euvd
ICS	Johnson Controls PowerG, IQPanel and IQHub (Update A)	16 Dec 202507:00	–	ics
NVD	CVE-2025-26379	22 Dec 202515:16	–	nvd
Positive Technologies	PT-2025-52650	22 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-26379	23 Dec 202514:31	–	redhatcve
Vulnrichment	CVE-2025-26379 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator	22 Dec 202514:21	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThanOrEqual": "2",
        "status": "affected",
        "version": "IQ Panels2",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2+",
        "status": "affected",
        "version": "IQ Panel 2+",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "IQHub",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.6.0",
        "status": "affected",
        "version": "IQPanel 4",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "53.02",
        "status": "affected",
        "version": "PowerG",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
johnsoncontrols	www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
cisa	www.cisa.gov/news-events/ics-advisories/icsa-25-350-02

22 Dec 2025 14:21Current

CVSS 47.2

EPSS0.00025

CWE-338