Johnson Controls iSTAR Configuration Utility < 6.9.8 Stack-based Buffer Overflow

The version of Johnson Controls iSTAR Configuration Utility ICU installed on the remote Windows host is prior to 6.9.8. It is, therefore, affected by a stack-based buffer overflow vulnerability that could result in failure within the operating system of the machine hosting the ICU tool. Note that...

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVE-2025-26386 Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVE-2025-26386 Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

EUVD-2025-206488

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility (ICU) on Windows is affected by a stack-based buffer overflow in ICU versions up to and including 6.9.7 (prior to 6.9.8). Successful exploitation could cause the host OS to fail, per NVD/Red Hat/Nessus/ICS advisories. A fixed version, ICU 6.9.8, is ref...

PT-2026-5091

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

Johnson Controls iSTAR Configuration Utility security vulnerability

Johnson Controls iSTAR Configuration Utility is a software tool developed by Johnson Controls for configuring and managing iSTAR Controllers. Versions of the ICU 6.9.7 and earlier contain security vulnerabilities; these vulnerabilities stem from stack buffer overflows, which may lead to operating...

Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a failure within the operating system of the machine hosting the ICU tool. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

EUVD-2025-11985

Malicious code in bioql PyPI...

EUVD-2025-18131

Malicious code in bioql PyPI...

CVE-2025-26383

The iSTAR Configuration Utility ICU tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on...

CVE-2025-26383

The iSTAR Configuration Utility ICU tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on...

CVE-2025-26383

The iSTAR Configuration Utility ICU tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on...

CVE-2025-26383

CVE-2025-26383 relates to Johnson Controls’ iSTAR Configuration Utility (ICU). A memory leak in ICU could cause exposure of unauthorized data from the Windows PC hosting ICU. Public details identify affected software as ICU and indicate the issue resides before ICU version 6.9.5. Remediation exis...

CVE-2025-26383

The iSTAR Configuration Utility ICU tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on...

Johnson Controls iSTAR Configuration Utility 安全漏洞

The Johnson Controls iSTAR Configuration Utility is a software tool for configuring and managing iSTAR Controllers from Johnson Controls, Inc. A security vulnerability exists in the Johnson Controls iSTAR Configuration Utility that originates from a memory leak that could result in the exposure o...

CVE-2025-26382

Under certain circumstances the iSTAR Configuration Utility ICU tool could have a buffer overflow issue...

CVE-2025-26382

Under certain circumstances the iSTAR Configuration Utility ICU tool could have a buffer overflow issue...