Refine your search
6 vulnerabilities found for IQ Panels2, 2+, IQHub, IQPanel 4, PowerG by Johnson Controls
CVE-2025-61740 (GCVE-0-2025-61740)
Vulnerability from nvd
Published
2025-12-22 14:32
Modified
2025-12-22 16:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-346 - Origin Validation Error
Summary
Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Johnson Controls | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG |
Version: IQ Panels2 < Version: IQ Panels2+ < Version: IQHub < Version: IQPanel 4 < Version: PowerG < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T16:19:54.221428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T16:20:04.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "2",
"status": "affected",
"version": "IQ Panels2",
"versionType": "custom"
},
{
"lessThanOrEqual": "2+",
"status": "affected",
"version": "IQ Panels2+",
"versionType": "custom"
},
{
"status": "affected",
"version": "IQHub",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.6.0",
"status": "affected",
"version": "IQPanel 4",
"versionType": "custom"
},
{
"lessThanOrEqual": "53.02",
"status": "affected",
"version": "PowerG",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Chambers of NCC group"
},
{
"lang": "en",
"type": "finder",
"value": "Sultan Qasim Khan of NCC group"
}
],
"datePublic": "2025-12-16T14:23:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp;Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.\u003cbr\u003e"
}
],
"value": "Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T14:32:07.619Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\u003cbr\u003eb. Devices that support PowerG+ should use PowerG v53.05 or later. \u003cbr\u003ec. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\u003cbr\u003ed. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\nb. Devices that support PowerG+ should use PowerG v53.05 or later. \nc. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\nd. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG Origin Validation Error",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2025-61740",
"datePublished": "2025-12-22T14:32:07.619Z",
"dateReserved": "2025-09-30T15:51:17.096Z",
"dateUpdated": "2025-12-22T16:20:04.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26379 (GCVE-0-2025-26379)
Vulnerability from nvd
Published
2025-12-22 14:21
Modified
2025-12-22 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Summary
Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Johnson Controls | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG |
Version: IQ Panels2 < Version: IQ Panel 2+ < Version: IQHub < Version: IQPanel 4 < Version: PowerG < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T16:19:13.074335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T16:19:25.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "2",
"status": "affected",
"version": "IQ Panels2",
"versionType": "custom"
},
{
"lessThanOrEqual": "2+",
"status": "affected",
"version": "IQ Panel 2+",
"versionType": "custom"
},
{
"status": "affected",
"version": "IQHub",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.6.0",
"status": "affected",
"version": "IQPanel 4",
"versionType": "custom"
},
{
"lessThanOrEqual": "53.02",
"status": "affected",
"version": "PowerG",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Chambersof NCC Group"
},
{
"lang": "en",
"type": "finder",
"value": "and Sultan Qasim Khan NCC Group"
}
],
"datePublic": "2025-12-16T14:11:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.\u003cbr\u003e"
}
],
"value": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets."
}
],
"impacts": [
{
"capecId": "CAPEC-59",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-59 Session Credential Falsification through Prediction"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T14:21:29.597Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\u003cbr\u003eb. Devices that support PowerG+ should use PowerG v53.05 or later. \u003cbr\u003ec. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\u003cbr\u003ed. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\nb. Devices that support PowerG+ should use PowerG v53.05 or later. \nc. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\nd. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2025-26379",
"datePublished": "2025-12-22T14:21:29.597Z",
"dateReserved": "2025-02-07T14:15:53.879Z",
"dateUpdated": "2025-12-22T16:19:25.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61739 (GCVE-0-2025-61739)
Vulnerability from nvd
Published
2025-12-22 10:19
Modified
2025-12-22 13:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-323 - Reusing a Nonce, Key pair in encryption
Summary
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Johnson Controls | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG |
Version: IQPanel2 < Version: IQ Panels 2+ < Version: IQHub < Version: IQPanel 4 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T13:09:06.933752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T13:09:17.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "2",
"status": "affected",
"version": "IQPanel2",
"versionType": "custom"
},
{
"lessThanOrEqual": "2+",
"status": "affected",
"version": "IQ Panels 2+",
"versionType": "custom"
},
{
"status": "affected",
"version": "IQHub",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.6.0",
"status": "affected",
"version": "IQPanel 4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Chambers of NCC Group"
},
{
"lang": "en",
"type": "finder",
"value": "Sultan Qasim Khan of NCC Group"
}
],
"datePublic": "2025-12-16T10:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp;Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets."
}
],
"value": "Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets."
}
],
"impacts": [
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-323",
"description": "CWE-323 Reusing a Nonce, Key pair in encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T10:19:34.183Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\u003cbr\u003eb. Devices that support PowerG+ should use PowerG v53.05 or later. \u003cbr\u003ec. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\u003cbr\u003ed. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\nb. Devices that support PowerG+ should use PowerG v53.05 or later. \nc. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\nd. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG reusing a nonce, key pair in encryption",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2025-61739",
"datePublished": "2025-12-22T10:19:34.183Z",
"dateReserved": "2025-09-30T15:51:17.096Z",
"dateUpdated": "2025-12-22T13:09:17.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61740 (GCVE-0-2025-61740)
Vulnerability from cvelistv5
Published
2025-12-22 14:32
Modified
2025-12-22 16:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-346 - Origin Validation Error
Summary
Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Johnson Controls | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG |
Version: IQ Panels2 < Version: IQ Panels2+ < Version: IQHub < Version: IQPanel 4 < Version: PowerG < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T16:19:54.221428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T16:20:04.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "2",
"status": "affected",
"version": "IQ Panels2",
"versionType": "custom"
},
{
"lessThanOrEqual": "2+",
"status": "affected",
"version": "IQ Panels2+",
"versionType": "custom"
},
{
"status": "affected",
"version": "IQHub",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.6.0",
"status": "affected",
"version": "IQPanel 4",
"versionType": "custom"
},
{
"lessThanOrEqual": "53.02",
"status": "affected",
"version": "PowerG",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Chambers of NCC group"
},
{
"lang": "en",
"type": "finder",
"value": "Sultan Qasim Khan of NCC group"
}
],
"datePublic": "2025-12-16T14:23:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp;Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.\u003cbr\u003e"
}
],
"value": "Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T14:32:07.619Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\u003cbr\u003eb. Devices that support PowerG+ should use PowerG v53.05 or later. \u003cbr\u003ec. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\u003cbr\u003ed. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\nb. Devices that support PowerG+ should use PowerG v53.05 or later. \nc. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\nd. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG Origin Validation Error",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2025-61740",
"datePublished": "2025-12-22T14:32:07.619Z",
"dateReserved": "2025-09-30T15:51:17.096Z",
"dateUpdated": "2025-12-22T16:20:04.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26379 (GCVE-0-2025-26379)
Vulnerability from cvelistv5
Published
2025-12-22 14:21
Modified
2025-12-22 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Summary
Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Johnson Controls | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG |
Version: IQ Panels2 < Version: IQ Panel 2+ < Version: IQHub < Version: IQPanel 4 < Version: PowerG < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T16:19:13.074335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T16:19:25.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "2",
"status": "affected",
"version": "IQ Panels2",
"versionType": "custom"
},
{
"lessThanOrEqual": "2+",
"status": "affected",
"version": "IQ Panel 2+",
"versionType": "custom"
},
{
"status": "affected",
"version": "IQHub",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.6.0",
"status": "affected",
"version": "IQPanel 4",
"versionType": "custom"
},
{
"lessThanOrEqual": "53.02",
"status": "affected",
"version": "PowerG",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Chambersof NCC Group"
},
{
"lang": "en",
"type": "finder",
"value": "and Sultan Qasim Khan NCC Group"
}
],
"datePublic": "2025-12-16T14:11:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.\u003cbr\u003e"
}
],
"value": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets."
}
],
"impacts": [
{
"capecId": "CAPEC-59",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-59 Session Credential Falsification through Prediction"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T14:21:29.597Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\u003cbr\u003eb. Devices that support PowerG+ should use PowerG v53.05 or later. \u003cbr\u003ec. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\u003cbr\u003ed. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\nb. Devices that support PowerG+ should use PowerG v53.05 or later. \nc. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\nd. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2025-26379",
"datePublished": "2025-12-22T14:21:29.597Z",
"dateReserved": "2025-02-07T14:15:53.879Z",
"dateUpdated": "2025-12-22T16:19:25.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61739 (GCVE-0-2025-61739)
Vulnerability from cvelistv5
Published
2025-12-22 10:19
Modified
2025-12-22 13:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-323 - Reusing a Nonce, Key pair in encryption
Summary
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Johnson Controls | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG |
Version: IQPanel2 < Version: IQ Panels 2+ < Version: IQHub < Version: IQPanel 4 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T13:09:06.933752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T13:09:17.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "2",
"status": "affected",
"version": "IQPanel2",
"versionType": "custom"
},
{
"lessThanOrEqual": "2+",
"status": "affected",
"version": "IQ Panels 2+",
"versionType": "custom"
},
{
"status": "affected",
"version": "IQHub",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.6.0",
"status": "affected",
"version": "IQPanel 4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Chambers of NCC Group"
},
{
"lang": "en",
"type": "finder",
"value": "Sultan Qasim Khan of NCC Group"
}
],
"datePublic": "2025-12-16T10:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp;Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets."
}
],
"value": "Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets."
}
],
"impacts": [
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-323",
"description": "CWE-323 Reusing a Nonce, Key pair in encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T10:19:34.183Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\u003cbr\u003eb. Devices that support PowerG+ should use PowerG v53.05 or later. \u003cbr\u003ec. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\u003cbr\u003ed. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\nb. Devices that support PowerG+ should use PowerG v53.05 or later. \nc. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\nd. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG reusing a nonce, key pair in encryption",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2025-61739",
"datePublished": "2025-12-22T10:19:34.183Z",
"dateReserved": "2025-09-30T15:51:17.096Z",
"dateUpdated": "2025-12-22T13:09:17.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}