CVE-2025-26386

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-04
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Johnson Controls iSTAR Configuration Utility (ICU) tiene una vulnerabilidad de desbordamiento de búfer basado en pila. Este problema afecta a iSTAR Configuration Utility (ICU) versión 6.9.7 y anteriores. La explotación exitosa de esta vulnerabilidad podría resultar en un fallo dentro del sistema operativo de la máquina que aloja la herramienta ICU.

28 Jan 2026, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-28 12:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-26386

Mitre link : CVE-2025-26386

CVE.ORG link : CVE-2025-26386

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2025-26386", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "productsecurity@jci.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-28T12:15:50.370", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-04", "source": "productsecurity@jci.com"}, {"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories", "source": "productsecurity@jci.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "productsecurity@jci.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Johnson Controls iSTAR Configuration Utility (ICU) has\u00a0Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool."}, {"lang": "es", "value": "Johnson Controls iSTAR Configuration Utility (ICU) tiene una vulnerabilidad de desbordamiento de b\u00fafer basado en pila. Este problema afecta a iSTAR Configuration Utility (ICU) versi\u00f3n 6.9.7 y anteriores. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda resultar en un fallo dentro del sistema operativo de la m\u00e1quina que aloja la herramienta ICU."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "productsecurity@jci.com"}