53 matches found
CVE-2025-43876
CVE-2025-43876 affects Johnson Controls iSTAR family (Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2). It is described as an authenticated web application command injection impacting get8021xSettings, with a root cause leading to unauthorized device access under certain circumstances. Publ...
CVE-2025-43876 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings
Under certain circumstances a successful exploitation could result in access to the device...
CVE-2025-43875 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - getOptionsInfo
Under certain circumstances a successful exploitation could result in access to the device...
Johnson Controls Multiple Products Security Vulnerability
Johnson Controls iSTAR Ultra and others are products of Johnson Controls, Inc. Johnson Controls iSTAR Ultra is an access controller. Johnson Controls iSTAR Ultra SE is an access controller software. Johnson Controls iSTAR Ultra G2 is an access control controller software. A security vulnerability...
CVE-2025-43873
Johnson Controls iSTAR Ultra/Ultra SE/Ultra LT (versions prior to 6.9.7.CU01) and Ultra G2/Edge G2 (prior to 6.9.3) are affected by an OS Command Injection vulnerability in the web application that could allow an attacker to modify firmware and gain full device control. Root cause: authenticated ...
CVE-2025-43873 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce
Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...
Johnson Controls iSTAR series Security Vulnerability
Johnson Controls iSTAR series is a series of access control controllers from Johnson Controls, Inc. A security vulnerability exists in the Johnson Controls iSTAR series that stems from the inability of the product to re-establish communication after a certificate has expired. The following produc...
Johnson Controls iSTAR series Security Vulnerability
The Johnson Controls iSTAR series is a line of access control devices from Johnson Controls USA. A security vulnerability exists in the Johnson Controls iSTAR series that originates from an attacker being able to modify the firmware, potentially resulting in full access to the device. The followi...
CISA Releases 12 Industrial Control Systems Advisories
CISA released 12 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-345-01 Johnson Controls iSTAR; ICSA-25-345-02 Johnson Controls iSTAR Ultra; ICSA-25-345-03 AzeoTech DAQFactor...
Johnson Controls iSTAR Ultra
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
EUVD-2017-8861
Malware in sbrugna...
EUVD-2023-43813
Malicious code in bioql PyPI...
EUVD-2025-22915
Malicious code in bioql PyPI...
EUVD-2025-22904
Malicious code in bioql PyPI...
Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to modify firmware and access the space that is protected by the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
Johnson Controls FX Server, FX80 and FX90 (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
CVE-2025-53695
OS Command Injection in the iSTAR Ultra products' web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware...