Search
Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61736 | 1 Johnsoncontrols | 5 Istar Edge, Istar Ultra, Istar Ultra Lt and 2 more | 2025-12-18 | N/A |
| Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires. | ||||
| CVE-2025-43873 | 1 Johnsoncontrols | 6 Edge G2, Istar Edge G2, Istar Ultra and 3 more | 2025-12-18 | N/A |
| Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. | ||||
| CVE-2025-53695 | 1 Johnsoncontrols | 1 Istar Ultra | 2025-08-19 | N/A |
| OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware. | ||||
| CVE-2025-53696 | 1 Johnsoncontrols | 1 Istar Ultra | 2025-08-19 | N/A |
| iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected. | ||||
| CVE-2023-3127 | 1 Johnsoncontrols | 8 Edge G2, Edge G2 Firmware, Istar Ultra and 5 more | 2024-11-21 | 7.5 High |
| An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. | ||||
| CVE-2022-21941 | 1 Johnsoncontrols | 2 Istar Ultra, Istar Ultra Firmware | 2024-11-21 | 10 Critical |
| All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | ||||
Page 1 of 1.