Vulnerabilities > CVE-2023-0954 - Unspecified vulnerability in Johnsoncontrols products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

johnsoncontrols

critical

NVD

Published: 2023-06-08

Updated: 2023-06-22

Summary

A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.

Vulnerable Configurations

Part	Description	Count
OS	Johnsoncontrols Johnsoncontrols Illustra PRO GEN 4 Dome Firmware * Johnsoncontrols Illustra PRO GEN 4 PTZ Firmware *	2
Hardware	Johnsoncontrols Johnsoncontrols Illustra PRO GEN 4 Dome - Johnsoncontrols Illustra PRO GEN 4 PTZ -	2

References

https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-02