Improper Authentication in iSTAR
CVE-2023-3127

7.5HIGH

Key Information:

Vendor: Sensormatic Electronics, A Subsidiary Of Johnson Controls, Inc.
Status: Istar Ultra; Istar Ultra Lt; Istar Ultra G2; Istar Edge G2
Vendor: CVE Published:; 11 July 2023

What is CVE-2023-3127?

An unauthorized user can log into various models of the iSTAR Ultra series, including iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2, with administrator privileges. This poses a significant risk to the security of the affected devices and their management capabilities. Immediate action should be taken to secure these systems and mitigate potential exploitations.

Affected Version(s)

iSTAR Edge G2 0 < 6.9.2 CU01

iSTAR Ultra >6.8.6 < 6.9.2 CU01

iSTAR Ultra G2 0 < 6.9.2 CU01

References

https://www.johnsoncontrols.com/cyber-solutions/security-...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jun 6, 2023

Sensormatic Electronics, A Subsidiary Of Johnson Controls, Inc.

What is CVE-2023-3127?

Affected Version(s)

References

CVSS V3.1

Timeline