Filtered by vendor Johnsoncontrols
Subscribe
Total
68 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21654 | 1 Johnsoncontrols | 2 Frick Controls Quantum Hd, Frick Controls Quantum Hd Firmware | 2026-03-02 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | |||||
| CVE-2026-21656 | 1 Johnsoncontrols | 2 Frick Controls Quantum Hd, Frick Controls Quantum Hd Firmware | 2026-03-02 | N/A | 9.8 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | |||||
| CVE-2026-21657 | 1 Johnsoncontrols | 2 Frick Controls Quantum Hd, Frick Controls Quantum Hd Firmware | 2026-03-02 | N/A | 9.8 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | |||||
| CVE-2026-21658 | 1 Johnsoncontrols | 2 Frick Controls Quantum Hd, Frick Controls Quantum Hd Firmware | 2026-03-02 | N/A | 9.8 CRITICAL |
| Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | |||||
| CVE-2026-21659 | 1 Johnsoncontrols | 2 Frick Controls Quantum Hd, Frick Controls Quantum Hd Firmware | 2026-03-02 | N/A | 9.8 CRITICAL |
| Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior. | |||||
| CVE-2026-21660 | 1 Johnsoncontrols | 2 Frick Controls Quantum Hd, Frick Controls Quantum Hd Firmware | 2026-03-02 | N/A | 9.8 CRITICAL |
| Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior. | |||||
| CVE-2014-5428 | 1 Johnsoncontrols | 12 Application And Data Server, Extended Application And Data Server, Lonworks Control Server Lcs8520 and 9 more | 2025-04-12 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script. | |||||
| CVE-2014-5427 | 1 Johnsoncontrols | 12 Application And Data Server, Extended Application And Data Server, Lonworks Control Server Lcs8520 and 9 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request. | |||||
| CVE-2012-2607 | 1 Johnsoncontrols | 2 Network Controller, Network Controller Firmware | 2025-04-11 | 7.5 HIGH | N/A |
| The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). | |||||
| CVE-2012-4026 | 1 Johnsoncontrols | 2 Pegasys P2000 Server, Pegasys P2000 Server Software | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. | |||||
| CVE-2024-0912 | 1 Johnsoncontrols | 1 Software House C-cure 9000 Siteserver | 2024-11-21 | N/A | 4.2 MEDIUM |
| Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions | |||||
| CVE-2024-0242 | 1 Johnsoncontrols | 4 Qolsys Iq4 Hub, Qolsys Iq4 Hub Firmware, Qolsys Iq Panel 4 and 1 more | 2024-11-21 | N/A | 7.3 HIGH |
| Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | |||||
| CVE-2023-4804 | 1 Johnsoncontrols | 12 Quantum Hd Unity Acuair, Quantum Hd Unity Acuair Firmware, Quantum Hd Unity Compressor and 9 more | 2024-11-21 | N/A | 10.0 CRITICAL |
| An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | |||||
| CVE-2023-4486 | 1 Johnsoncontrols | 20 F4-snc, F4-snc Firmware, Nae55 and 17 more | 2024-11-21 | N/A | 7.5 HIGH |
| Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. | |||||
| CVE-2023-3749 | 1 Johnsoncontrols | 1 Videoedge | 2024-11-21 | N/A | 7.1 HIGH |
| A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. | |||||
| CVE-2023-3548 | 1 Johnsoncontrols | 2 Iq Wifi 6, Iq Wifi 6 Firmware | 2024-11-21 | N/A | 8.3 HIGH |
| An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. | |||||
| CVE-2023-3127 | 1 Johnsoncontrols | 8 Edge G2, Edge G2 Firmware, Istar Ultra and 5 more | 2024-11-21 | N/A | 7.5 HIGH |
| An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. | |||||
| CVE-2023-2025 | 1 Johnsoncontrols | 1 Openblue Enterprise Manager Data Collector | 2024-11-21 | N/A | 5.0 MEDIUM |
| OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances. | |||||
| CVE-2023-2024 | 1 Johnsoncontrols | 1 Openblue Enterprise Manager Data Collector | 2024-11-21 | N/A | 10.0 CRITICAL |
| Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances. | |||||
| CVE-2023-0954 | 1 Johnsoncontrols | 4 Illustra Pro Gen 4 Dome, Illustra Pro Gen 4 Dome Firmware, Illustra Pro Gen 4 Ptz and 1 more | 2024-11-21 | N/A | 8.3 HIGH |
| A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. | |||||