CVE-2025-61740 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG Origin Validation Error

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...

CVE-2025-61740 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG Origin Validation Error

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...

CVE-2025-61738 Johnson Controls PowerG and IQPanel cleartext transmission of sensitive information

Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network...

CVE-2025-61738

CVE-2025-61738 affects Johnson Controls PowerG and IQPanel family. The Root cause is cleartext transmission of sensitive information, allowing an attacker under certain circumstances to capture the network key and read or write encrypted PowerG packets. Documented impact is limited to confidentia...

CVE-2025-61738 Johnson Controls PowerG and IQPanel cleartext transmission of sensitive information

Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network...

PT-2025-52650

Name of the Vulnerable Software and Affected Versions Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG affected versions not specified Description The software utilizes a weak pseudo-random number generator. This could allow an attacker to read or inject encrypted PowerG packets...

Johnson Controls PowerG, IQPanel and IQHub (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read or write encrypted traffic or perform a replay attack. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

Johnson Controls PowerG, IQPanel and IQHub (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read or write encrypted traffic or perform a replay attack. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...