Lucene search
K

99 matches found

Cvelist
Cvelist
added 2023/07/11 9:6 p.m.31 views

CVE-2023-3127 Improper Authentication in iSTAR

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights...

7.5CVSS9.7AI score0.0045EPSS
Exploits0References2
CISA
CISA
added 2023/07/11 12:0 p.m.7 views

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on July 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-192-01 Rockwell Automation Enhanced HIM ICSA-23-192-02 Sensormatic Electronics iSTAR...

7AI score
Exploits0References4
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.4 views

Johnson Controls iSTAR Ultra 授权问题漏洞

Johnson Controls iSTAR Ultra is a door controller from Johnson Controls, Inc. It provides network resiliency and faster processing speeds. A security vulnerability exists in the Johnson Controls iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2, which originates from an unauthenticat...

9.8CVSS8.4AI score0.0045EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/11 12:0 a.m.12 views

PT-2023-23269 · Unknown · Istar Ultra G2 +3

Name of the Vulnerable Software and Affected Versions: iSTAR Ultra affected versions not specified iSTAR Ultra LT affected versions not specified iSTAR Ultra G2 affected versions not specified iSTAR Edge G2 affected versions not specified Description: An unauthenticated user could log into the...

9.8CVSS9.4AI score0.0045EPSS
Exploits0References4
OSV
OSV
added 2022/08/31 4:15 p.m.7 views

CVE-2022-21941

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...

9.8CVSS5.8AI score0.01949EPSS
Exploits0References2
NVD
NVD
added 2022/08/31 4:15 p.m.28 views

CVE-2022-21941

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...

10CVSS0.01949EPSS
Exploits0References2
Prion
Prion
added 2022/08/31 4:15 p.m.18 views

Command injection

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...

7.5CVSS9.7AI score0.01949EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/31 3:59 p.m.28 views

CVE-2022-21941 iSTAR Ultra

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...

10CVSS10AI score0.01949EPSS
Exploits0References2
EUVD
EUVD
added 2022/08/31 3:59 p.m.7 views

EUVD-2022-27097

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...

10CVSS9.8AI score0.01949EPSS
Exploits0References2
CVE
CVE
added 2022/08/31 3:59 p.m.53 views

CVE-2022-21941

Affected product: iSTAR Ultra. Versions affected: all prior to 6.8.9.CU01. Issue: command injection that could allow an unauthenticated user to gain root access to the system, originating at the controller level. Root cause / nature: improper handling/neutralization of commands leading to privile...

10CVSS9.9AI score0.01949EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.11 views

The susceptibility of the microprogramming software of the iSTAR Ultra controller, related to the failure to take measures for data cleaning at the management level, allows the attacker to elevate their privileges to the root level.

The vulnerability of the iSTAR Ultra controller’s microprogramming software is related to the failure to take measures to clean data at the control level. Exploiting this vulnerability can allow an attacker, operating remotely, to elevate their privileges to the root level...

10CVSS7.7AI score0.01949EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/08/31 12:0 a.m.7 views

Johnson Controls iSTAR Ultra 命令注入漏洞

Johnson Controls iSTAR Ultra is a door controller from Johnson Controls, Inc. It provides network resiliency and faster processing speeds. A command injection vulnerability exists in versions prior to Johnson Controls iSTAR Ultra 6.8.9.CU01, which originates from allowing root access to the syste...

10CVSS7.6AI score0.01949EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/30 7:27 p.m.6 views

CVE-2022-21941

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...

10CVSS7.3AI score0.01949EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/30 12:0 a.m.5 views

PT-2022-4523 · Unknown · Istar Ultra

Name of the Vulnerable Software and Affected Versions: iSTAR Ultra versions prior to 6.8.9.CU01 Description: The issue is related to a command injection that could allow an unauthenticated user root access to the system. It is also associated with the lack of data cleaning measures at the...

10CVSS9.7AI score0.01949EPSS
Exploits0References6
OSV
OSV
added 2017/12/31 2:29 a.m.5 views

CVE-2017-17704

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...

7.4CVSS5.7AI score0.00999EPSS
Exploits0References1
NVD
NVD
added 2017/12/31 2:29 a.m.15 views

CVE-2017-17704

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...

7.4CVSS7.5AI score0.00999EPSS
Exploits0References1
Prion
Prion
added 2017/12/31 2:29 a.m.16 views

Design/Logic Flaw

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...

5.8CVSS7.6AI score0.00999EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/12/31 2:0 a.m.51 views

CVE-2017-17704

The CVE-2017-17704 entry concerns Software House iStar Ultra devices (up to 6.5.2.20569) used with the IP-ACM Ethernet Door Module. The vulnerability arises from CBC-mode encryption that reuses a fixed IV and key across messages, with no strong authentication of messages. This enables replay of w...

7.4CVSS7.5AI score0.00999EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/12/31 2:0 a.m.23 views

CVE-2017-17704

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...

7.5AI score0.00999EPSS
Exploits0References1
Rows per page
Query Builder