99 matches found
CVE-2025-43873 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce
Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...
CVE-2025-43873
Johnson Controls iSTAR Ultra/Ultra SE/Ultra LT (versions prior to 6.9.7.CU01) and Ultra G2/Edge G2 (prior to 6.9.3) are affected by an OS Command Injection vulnerability in the web application that could allow an attacker to modify firmware and gain full device control. Root cause: authenticated ...
CVE-2025-61736
CVE-2025-61736 affects Johnson Controls iSTAR series (e.g., iSTAR eX, iSTAR Edge, iSTAR Ultra LT/Ultra/SE). The issue is an improper handling of certificate expiration that can cause the device to fail to re-establish communication after a certificate expires. This vulnerability is named in CVE r...
Johnson Controls iSTAR series 安全漏洞
The Johnson Controls iSTAR series is a line of access control devices from Johnson Controls USA. A security vulnerability exists in the Johnson Controls iSTAR series that originates from an attacker being able to modify the firmware, potentially resulting in full access to the device. The followi...
Johnson Controls iSTAR series 安全漏洞
Johnson Controls iSTAR series is a series of access control controllers from Johnson Controls, Inc. A security vulnerability exists in the Johnson Controls iSTAR series that stems from the inability of the product to re-establish communication after a certificate has expired. The following produc...
CISA Releases 12 Industrial Control Systems Advisories
CISA released 12 Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-345-01 Johnson Controls iSTAR ICSA-25-345-02 Johnson Controls iSTAR Ultra ICSA-25-345-03 AzeoTech DAQFactor...
Johnson Controls iSTAR Ultra
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-338-01 Mitsubishi Electric GX Works2 ICSA-25-338-02 MAXHUB Pivot ICSA-25-338-03 Johnson Controls OpenBlue...
Johnson Controls iSTAR
RISK EVALUATION Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...
EUVD-2017-8861
Malware in sbrugna...
EUVD-2023-43813
Malicious code in bioql PyPI...
EUVD-2024-30539
Malicious code in bioql PyPI...
EUVD-2025-18131
Malicious code in bioql PyPI...
EUVD-2025-22904
Malicious code in bioql PyPI...
EUVD-2025-22915
Malicious code in bioql PyPI...
EUVD-2025-11985
Malicious code in bioql PyPI...
Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to modify firmware and access the space that is protected by the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
Johnson Controls FX Server, FX80 and FX90 (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
CVE-2025-53695
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access 'root' user to the device firmware...
CVE-2025-53696
iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected...