Improper Authentication in iSTAR
CVE-2023-3127

7.5HIGH

Key Information:

Vendor

Sensormatic Electronics, A Subsidiary Of Johnson Controls, Inc.

Status
Istar Ultra
Istar Ultra Lt
Istar Ultra G2
Istar Edge G2
Vendor
CVE Published:
11 July 2023

What is CVE-2023-3127?

An unauthorized user can log into various models of the iSTAR Ultra series, including iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2, with administrator privileges. This poses a significant risk to the security of the affected devices and their management capabilities. Immediate action should be taken to secure these systems and mitigate potential exploitations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iSTAR Edge G2 0 < 6.9.2 CU01

iSTAR Ultra >6.8.6 < 6.9.2 CU01

iSTAR Ultra G2 0 < 6.9.2 CU01

References

https://www.johnsoncontrols.com/cyber-solutions/security-...
https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.