Vulnerabilities > Johnsoncontrols > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-08 | CVE-2024-0242 | Unspecified vulnerability in Johnsoncontrols products. Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | 9.8 |
2023-11-10 | CVE-2023-4804 | Unspecified vulnerability in Johnsoncontrols products. An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | 9.8 |
2023-07-25 | CVE-2023-3548 | Improper Restriction of Excessive Authentication Attempts vulnerability in Johnsoncontrols IQ Wifi 6 Firmware. An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. | 9.8 |
2023-07-11 | CVE-2023-3127 | Improper Authentication vulnerability in Johnsoncontrols products. An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. | 9.8 |
2023-06-08 | CVE-2023-0954 | Unspecified vulnerability in Johnsoncontrols products. A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. | 9.8 |
2022-08-31 | CVE-2022-21941 | Command Injection vulnerability in Johnsoncontrols Istar Ultra Firmware 6.8.6. All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | 9.8 |
2022-04-22 | CVE-2021-36203 | Server-Side Request Forgery (SSRF) vulnerability in Johnsoncontrols Metasys System Configuration Tool. The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. | 9.1 |
2022-04-15 | CVE-2021-36205 | Incomplete Cleanup vulnerability in Johnsoncontrols products. Under certain circumstances the session token is not cleared on logout. | 9.8 |
2021-10-11 | CVE-2021-27664 | Improper Privilege Management vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0. Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. | 9.8 |
2021-08-30 | CVE-2021-27663 | Unspecified vulnerability in Johnsoncontrols Ac2000 Firmware. A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access the system without adequate authorization. | 9.8 |