iSTAR Pro Door Controller Vulnerable to Machine-in-the-Middle Attacks
CVE-2024-32752

8.8HIGH

Key Information:

Vendor: Johnson Controls
Status: Istar Configuration Utility (icu); Istar Pro, Edge And Ex; Istar Ultra And Ultra Lt
Vendor: CVE Published:; 6 June 2024

🔔 Create Johnson Controls Vulnerability Alert

What is CVE-2024-32752?

The iSTAR Pro Door Controller by Johnson Controls is vulnerable to Machine-in-the-Middle attacks, which can compromise the integrity of communications between the controller and the ICU tool. This vulnerability could lead to unauthorized access and manipulation of door control and configuration settings, posing serious security risks. It is essential for users to be aware of this vulnerability to implement effective security measures.

Affected Version(s)

iSTAR Configuration Utility (ICU) 0

iSTAR Pro, Edge and eX 0

iSTAR Ultra and Ultra LT 0

References

https://www.johnsoncontrols.com/trust-center/cybersecurit...

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2024
Vulnerability Reserved
Apr 17, 2024

Credit

Reid Wightman of Dragos

JSON