Quantum HD Unity
CVE-2023-4804

9.8CRITICAL

Key Information:

Vendor: Johnson Controls
Status: Quantum HD Unity Compressor; Quantum HD Unity AcuAir; Quantum HD Unity Condenser/Vessel; Quantum HD Unity Evaporator
Vendor: CVE Published:; 10 November 2023

What is CVE-2023-4804?

An oversight in Quantum HD Unity products from Johnson Controls has led to the accidental exposure of debug features. This vulnerability allows unauthorized users to gain access to sensitive debug functionalities, potentially compromising the integrity of the system. It is crucial for users of these products to assess their security measures and ensure that access to such features is appropriately restricted.

Affected Version(s)

Quantum HD Unity AcuAir 0 < 11.12

Quantum HD Unity AcuAir 0 < 12.12

Quantum HD Unity Compressor 0 < 11.22

References

https://www.johnsoncontrols.com/cyber-solutions/security-...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-3...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 10, 2023
Vulnerability Reserved
Sep 6, 2023

Credit

Jim Reprogle