316 matches found
CVE-2025-26379 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator
Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets...
CVE-2025-26379 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator
Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets...
CVE-2025-26379
CVE-2025-26379 concerns Johnson Controls PowerG products (IQ Panels2, 2+, IQHub, IQPanel 4). The issue is use of a cryptographically weak pseudo-random number generator, enabling an attacker to read or inject encrypted PowerG packets. Documents consistently cite the weak PRNG as the root cause an...
CVE-2025-61739 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG reusing a nonce, key pair in encryption
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets...
CVE-2025-61739
CVE-2025-61739 concerns nonce reuse that enables a replay attack or decryption of captured packets. Documents identify the affected products as Johnson Controls IQ Panels2, IQ Panels2+, IQHub, IQPanel 4, and PowerG, with the issue rooted in nonce reuse and/or weak RNG affecting confidentiality an...
CVE-2025-61739 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG reusing a nonce, key pair in encryption
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets...
CVE-2025-61738 Johnson Controls PowerG and IQPanel cleartext transmission of sensitive information
Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network...
Johnson Controls IQ series和Johnson Controls PowerG 安全漏洞
The Johnson Controls IQ series and Johnson Controls PowerG are both products of Johnson Controls, Inc.The Johnson Controls IQ series is a series of intelligent security and automation control platforms.The Johnson Johnson Controls PowerG is a communications device. A security vulnerability exists...
Johnson Controls IQ series和Johnson Controls PowerG 安全漏洞
The Johnson Controls IQ series and Johnson Controls PowerG are both products of Johnson Controls, Inc.The Johnson Controls IQ series is a series of intelligent security and automation control platforms.The Johnson Johnson Controls PowerG is a communications device. A security vulnerability exists...
Johnson Controls IQ series和Johnson Controls PowerG 安全漏洞
The Johnson Controls IQ series and Johnson Controls PowerG are both products of Johnson Controls, Inc.The Johnson Controls IQ series is a series of intelligent security and automation control platforms.The Johnson Johnson Controls PowerG is a communications device. A security vulnerability exists...
Johnson Controls iSTAR series 安全漏洞
The Johnson Controls iSTAR series is a line of access control devices from Johnson Controls USA. A security vulnerability exists in the Johnson Controls iSTAR series that originates from an attacker being able to modify the firmware, potentially resulting in full access to the device. The followi...
Johnson Controls OpenBlue Workplace 安全漏洞
Johnson Controls OpenBlue Workplace is a smart office space management platform from Johnson Controls USA. A security vulnerability exists in Johnson Controls OpenBlue Workplace. An attacker exploiting the vulnerability could gain access to sensitive information...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-350-01 Güralp Systems FMUS Fortimus Series and MIN Minimus Series ICSA-25-350-02 Johnson Controls PowerG,...
Johnson Controls PowerG, IQPanel and IQHub (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read or write encrypted traffic or perform a replay attack. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Johnson Controls PowerG, IQPanel and IQHub (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read or write encrypted traffic or perform a replay attack. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
CISA Releases 12 Industrial Control Systems Advisories
CISA released 12 Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-345-01 Johnson Controls iSTAR ICSA-25-345-02 Johnson Controls iSTAR Ultra ICSA-25-345-03 AzeoTech DAQFactor...
Johnson Controls iSTAR Ultra
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
PT-2025-49245
Name of the Vulnerable Software and Affected Versions Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace versions 2025.1.2 and prior Description Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace versions 2025.1.2 and prior are susceptible to a Direct...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-338-01 Mitsubishi Electric GX Works2 ICSA-25-338-02 MAXHUB Pivot ICSA-25-338-03 Johnson Controls OpenBlue...
Johnson Controls iSTAR
RISK EVALUATION Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...