CVE-2025-43876 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings

Under certain circumstances a successful exploitation could result in access to the device...

CVE-2025-43876

CVE-2025-43876 affects Johnson Controls iSTAR family (Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2). It is described as an authenticated web application command injection impacting get8021xSettings, with a root cause leading to unauthorized device access under certain circumstances. Publ...

CVE-2025-43875 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - getOptionsInfo

Under certain circumstances a successful exploitation could result in access to the device...

Johnson Controls多款产品 安全漏洞

Johnson Controls iSTAR Ultra and others are products of Johnson Controls, Inc.Johnson Controls iSTAR Ultra is an access controller.Johnson Controls iSTAR Ultra SE is an access controller software. Johnson Controls iSTAR Ultra G2 is an access control controller software. A security vulnerability...

Johnson Controls多款产品 安全漏洞

Johnson Controls iSTAR Ultra and others are products of Johnson Controls, Inc.Johnson Controls iSTAR Ultra is an access controller.Johnson Controls iSTAR Ultra SE is an access controller software. Johnson Controls iSTAR Ultra G2 is an access control controller software. A security vulnerability...

CVE-2025-43873 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

Johnson Controls iSTAR series 安全漏洞

The Johnson Controls iSTAR series is a line of access control devices from Johnson Controls USA. A security vulnerability exists in the Johnson Controls iSTAR series that originates from an attacker being able to modify the firmware, potentially resulting in full access to the device. The followi...

Johnson Controls iSTAR series 安全漏洞

Johnson Controls iSTAR series is a series of access control controllers from Johnson Controls, Inc. A security vulnerability exists in the Johnson Controls iSTAR series that stems from the inability of the product to re-establish communication after a certificate has expired. The following produc...

CVE-2023-3127

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights...

CVE-2023-3127

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights...

CVE-2023-3127 Improper Authentication in iSTAR

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights...

CVE-2023-3127

CVE-2023-3127 concerns improper authentication in Sensormatic Electronics iSTAR devices (Ultra, Ultra LT, Ultra G2, Edge G2). The vulnerability allows an unauthenticated user to login with administrator rights, with CVSS v3.1 base score 7.5 (AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L) per CISA ICS and N...

CVE-2023-3127 Improper Authentication in iSTAR

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights...

PT-2023-23269 · Unknown · Istar Ultra G2 +3

Name of the Vulnerable Software and Affected Versions: iSTAR Ultra affected versions not specified iSTAR Ultra LT affected versions not specified iSTAR Ultra G2 affected versions not specified iSTAR Edge G2 affected versions not specified Description: An unauthenticated user could log into the...