99 matches found
CVE-2023-3127 Improper Authentication in iSTAR
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on July 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-192-01 Rockwell Automation Enhanced HIM ICSA-23-192-02 Sensormatic Electronics iSTAR...
Johnson Controls iSTAR Ultra 授权问题漏洞
Johnson Controls iSTAR Ultra is a door controller from Johnson Controls, Inc. It provides network resiliency and faster processing speeds. A security vulnerability exists in the Johnson Controls iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2, which originates from an unauthenticat...
PT-2023-23269 · Unknown · Istar Ultra G2 +3
Name of the Vulnerable Software and Affected Versions: iSTAR Ultra affected versions not specified iSTAR Ultra LT affected versions not specified iSTAR Ultra G2 affected versions not specified iSTAR Edge G2 affected versions not specified Description: An unauthenticated user could log into the...
CVE-2022-21941
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...
CVE-2022-21941
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...
Command injection
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...
CVE-2022-21941 iSTAR Ultra
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...
EUVD-2022-27097
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...
CVE-2022-21941
Affected product: iSTAR Ultra. Versions affected: all prior to 6.8.9.CU01. Issue: command injection that could allow an unauthenticated user to gain root access to the system, originating at the controller level. Root cause / nature: improper handling/neutralization of commands leading to privile...
The susceptibility of the microprogramming software of the iSTAR Ultra controller, related to the failure to take measures for data cleaning at the management level, allows the attacker to elevate their privileges to the root level.
The vulnerability of the iSTAR Ultra controller’s microprogramming software is related to the failure to take measures to clean data at the control level. Exploiting this vulnerability can allow an attacker, operating remotely, to elevate their privileges to the root level...
Johnson Controls iSTAR Ultra 命令注入漏洞
Johnson Controls iSTAR Ultra is a door controller from Johnson Controls, Inc. It provides network resiliency and faster processing speeds. A command injection vulnerability exists in versions prior to Johnson Controls iSTAR Ultra 6.8.9.CU01, which originates from allowing root access to the syste...
CVE-2022-21941
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...
PT-2022-4523 · Unknown · Istar Ultra
Name of the Vulnerable Software and Affected Versions: iSTAR Ultra versions prior to 6.8.9.CU01 Description: The issue is related to a command injection that could allow an unauthenticated user root access to the system. It is also associated with the lack of data cleaning measures at the...
CVE-2017-17704
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...
CVE-2017-17704
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...
Design/Logic Flaw
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...
CVE-2017-17704
The CVE-2017-17704 entry concerns Software House iStar Ultra devices (up to 6.5.2.20569) used with the IP-ACM Ethernet Door Module. The vulnerability arises from CBC-mode encryption that reuses a fixed IV and key across messages, with no strong authentication of messages. This enables replay of w...
CVE-2017-17704
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...