Vulnerabilities > Johnsoncontrols > Istar Ultra Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-3127 Improper Authentication vulnerability in Johnsoncontrols products
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.
network
low complexity
johnsoncontrols CWE-287
critical
 9.8
9.8
2022-08-31 CVE-2022-21941 Command Injection vulnerability in Johnsoncontrols Istar Ultra Firmware
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.
network
low complexity
johnsoncontrols CWE-77
critical
 9.8
9.8