Vulnerabilities > Johnsoncontrols > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-08 | CVE-2024-0242 | Unspecified vulnerability in Johnsoncontrols products. Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | 9.8 |
2023-11-10 | CVE-2023-4804 | Unspecified vulnerability in Johnsoncontrols products. An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | 9.8 |
2023-07-25 | CVE-2023-3548 | Improper Restriction of Excessive Authentication Attempts vulnerability in Johnsoncontrols IQ Wifi 6 Firmware. An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. | 9.8 |
2023-07-11 | CVE-2023-3127 | Improper Authentication vulnerability in Johnsoncontrols products. An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. | 9.8 |
2023-06-08 | CVE-2023-0954 | Unspecified vulnerability in Johnsoncontrols products. A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. | 9.8 |
2022-08-31 | CVE-2022-21941 | Command Injection vulnerability in Johnsoncontrols Istar Ultra Firmware. All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | 9.8 |
2021-08-30 | CVE-2021-27663 | Unspecified vulnerability in Johnsoncontrols Ac2000 Firmware. A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access the system without adequate authorization. | 9.8 |
2020-06-26 | CVE-2020-9047 | Improper Verification of Cryptographic Signature vulnerability in Johnsoncontrols products. A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. | 9.0 |
2020-03-10 | CVE-2019-7589 | Improper Input Validation vulnerability in Johnsoncontrols Entrapass 7.60. A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. | 10.0 |
2015-03-29 | CVE-2014-5428 | Unspecified vulnerability in Johnsoncontrols Metsys 4.1/6.5. Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script. | 10.0 |