Filtered by vendor Johnsoncontrols
Subscriptions
Total
83 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21660 | 1 Johnsoncontrols | 1 Frick Controls Quantum Hd | 2026-02-27 | N/A |
| Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior. | ||||
| CVE-2026-21654 | 1 Johnsoncontrols | 1 Frick Controls Quantum Hd | 2026-02-27 | N/A |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | ||||
| CVE-2026-21656 | 1 Johnsoncontrols | 1 Frick Controls Quantum Hd | 2026-02-27 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | ||||
| CVE-2026-21657 | 1 Johnsoncontrols | 1 Frick Controls Quantum Hd | 2026-02-27 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | ||||
| CVE-2026-21658 | 1 Johnsoncontrols | 1 Frick Controls Quantum Hd | 2026-02-27 | N/A |
| Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | ||||
| CVE-2026-21659 | 1 Johnsoncontrols | 1 Frick Controls Quantum Hd | 2026-02-27 | N/A |
| Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior. | ||||
| CVE-2025-26385 | 1 Johnsoncontrols | 1 Metasys | 2026-02-04 | N/A |
| Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects * Metasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation, * Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation, * LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1, * System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior, * Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior. | ||||
| CVE-2025-26386 | 1 Johnsoncontrols | 1 Istar Configuration Utility | 2026-01-29 | N/A |
| Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool. | ||||
| CVE-2025-43875 | 1 Johnsoncontrols | 5 Istar Edge G2, Istar Ultra, Istar Ultra G2 and 2 more | 2025-12-29 | N/A |
| Under certain circumstances a successful exploitation could result in access to the device. | ||||
| CVE-2025-43876 | 1 Johnsoncontrols | 5 Istar Edge G2, Istar Ultra, Istar Ultra G2 and 2 more | 2025-12-29 | N/A |
| Under certain circumstances a successful exploitation could result in access to the device. | ||||
| CVE-2025-61739 | 1 Johnsoncontrols | 5 Iq Panels2, Iq Panels2+, Iqhub and 2 more | 2025-12-23 | N/A |
| Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets. | ||||
| CVE-2025-61738 | 1 Johnsoncontrols | 5 Iq Panels2, Iq Panels2+, Iqhub and 2 more | 2025-12-23 | N/A |
| Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network. | ||||
| CVE-2025-26379 | 1 Johnsoncontrols | 5 Iq Panels2, Iq Panels2+, Iqhub and 2 more | 2025-12-23 | N/A |
| Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets. | ||||
| CVE-2025-61740 | 1 Johnsoncontrols | 5 Iq Panels2, Iq Panels2+, Iqhub and 2 more | 2025-12-23 | N/A |
| Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device. | ||||
| CVE-2025-43873 | 1 Johnsoncontrols | 6 Edge G2, Istar Edge G2, Istar Ultra and 3 more | 2025-12-18 | N/A |
| Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. | ||||
| CVE-2025-26381 | 1 Johnsoncontrols | 1 Openblue Workplace | 2025-12-18 | N/A |
| Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information. | ||||
| CVE-2025-61736 | 1 Johnsoncontrols | 5 Istar Edge, Istar Ultra, Istar Ultra Lt and 2 more | 2025-12-18 | N/A |
| Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires. | ||||
| CVE-2023-4804 | 1 Johnsoncontrols | 12 Quantum Hd Unity Acuair, Quantum Hd Unity Acuair Firmware, Quantum Hd Unity Compressor and 9 more | 2025-12-16 | 10 Critical |
| An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | ||||
| CVE-2025-53695 | 1 Johnsoncontrols | 1 Istar Ultra | 2025-08-19 | N/A |
| OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware. | ||||
| CVE-2025-53696 | 1 Johnsoncontrols | 1 Istar Ultra | 2025-08-19 | N/A |
| iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected. | ||||