Lucene search
+L

316 matches found

Cvelist
Cvelist
added 2026/02/27 8:38 a.m.22 views

CVE-2026-21654 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...

8.8CVSS0.01506EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

Johnson Controls Frick Controls Quantum HD 安全漏洞

Johnson Controls Frick Controls Quantum HD is a high-end microprocessor control panel designed specifically for industrial refrigeration systems by Johnson Controls. The version 10.22 and earlier of Johnson Controls Frick Controls Quantum HD contained security vulnerabilities, which were caused b...

9.8CVSS6.2AI score0.00626EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

Johnson Controls Frick Controls Quantum HD 安全漏洞

Johnson Controls Frick Controls Quantum HD is a high-end microprocessor control panel designed specifically for industrial refrigeration systems by Johnson Controls. The version 10.22 and earlier of Johnson Controls Frick Controls Quantum HD contained security vulnerabilities, which were caused b...

9.8CVSS5.9AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.11 views

Johnson Controls Frick Controls Quantum HD 安全漏洞

Johnson Controls Frick Controls Quantum HD is a high-end microprocessor control panel designed specifically for industrial refrigeration systems by Johnson Controls. The version 10.22 and earlier of Johnson Controls Frick Controls Quantum HD contained security vulnerabilities, which were due to...

9.8CVSS5.8AI score0.01506EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

Johnson Controls Frick Controls Quantum HD 安全漏洞

Johnson Controls Frick Controls Quantum HD is a high-end microprocessor control panel designed specifically for industrial refrigeration systems by Johnson Controls. The version 10.22 and earlier of Johnson Controls Frick Controls Quantum HD contained security vulnerabilities, which were caused b...

9.8CVSS5.9AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.12 views

Johnson Controls Frick Controls Quantum HD 安全漏洞

Johnson Controls Frick Controls Quantum HD is a high-end microprocessor control panel designed specifically for industrial refrigeration systems by Johnson Controls. Versions of Johnson Controls Frick Controls Quantum HD prior to 10.22 contain security vulnerabilities. These vulnerabilities stem...

9.8CVSS6.4AI score0.00909EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.15 views

PT-2026-22317

Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions prior to 10.22 Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows for OS Command Injection. Insufficient input validation in certain parameters can lead to...

9.8CVSS5.9AI score0.01506EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.3 views

Johnson Controls iSTAR Configuration Utility < 6.9.8 Stack-based Buffer Overflow

The version of Johnson Controls iSTAR Configuration Utility ICU installed on the remote Windows host is prior to 6.9.8. It is, therefore, affected by a stack-based buffer overflow vulnerability that could result in failure within the operating system of the machine hosting the ICU tool. Note that...

7.1CVSS6.1AI score0.0039EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/31 3:21 p.m.8 views

CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

9.5CVSS6AI score0.0144EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/30 11:5 a.m.5 views

EUVD-2025-206581

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

9.5CVSS6AI score0.0144EPSS
Exploits0References2
NVD
NVD
added 2026/01/28 12:15 p.m.12 views

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

7.1CVSS0.0039EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:24 a.m.2 views

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

7.1CVSS5.9AI score0.0039EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/01/28 11:24 a.m.13 views

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility (ICU) on Windows is affected by a stack-based buffer overflow in ICU versions up to and including 6.9.7 (prior to 6.9.8). Successful exploitation could cause the host OS to fail, per NVD/Red Hat/Nessus/ICS advisories. A fixed version, ICU 6.9.8, is ref...

7.1CVSS5.9AI score0.0039EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.9 views

Johnson Controls iSTAR Configuration Utility security vulnerability

Johnson Controls iSTAR Configuration Utility is a software tool developed by Johnson Controls for configuring and managing iSTAR Controllers. Versions of the ICU 6.9.7 and earlier contain security vulnerabilities; these vulnerabilities stem from stack buffer overflows, which may lead to operating...

7.1CVSS5.9AI score0.0039EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.15 views

PT-2026-5091

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

7.1CVSS5.9AI score0.0039EPSS
Exploits0References3
ICS
ICS
added 2026/01/27 7:0 a.m.13 views

Johnson Controls Metasys Products

RISK EVALUATION Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

9.5CVSS5.8AI score0.0144EPSS
Exploits0References11
ICS
ICS
added 2026/01/22 7:0 a.m.11 views

Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a failure within the operating system of the machine hosting the ICU tool. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

7.1CVSS5.7AI score0.0039EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.5 views

Johnson Controls多款产品 安全漏洞

Johnson Controls iSTAR Ultra and others are products of Johnson Controls, Inc.Johnson Controls iSTAR Ultra is an access controller.Johnson Controls iSTAR Ultra SE is an access controller software. Johnson Controls iSTAR Ultra G2 is an access control controller software. A security vulnerability...

8.7CVSS6.4AI score0.00274EPSS
Exploits0References2
CVE
CVE
added 2025/12/22 2:32 p.m.32 views

CVE-2025-61740

Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4 and PowerG are affected by an origin validation error where the device does not verify the source of a received packet. This can enable a denial-of-service or modification of device configuration (CVSS v4.0 base score 7.2). The connected documents...

7.2CVSS6.4AI score0.00123EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/22 2:32 p.m.5 views

CVE-2025-61740 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG Origin Validation Error

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...

7.2CVSS6.4AI score0.00123EPSS
Exploits0References2
Rows per page
Query Builder