CVE-2023-4804 (GCVE-0-2023-4804)
Vulnerability from cvelistv5
Published
2023-11-10 22:17
Modified
2025-12-16 18:23
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
Summary
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
References
Impacted products
Vendor Product Version
Johnson Controls Quantum HD Unity Compressor Version: 0   < 11.22
Version: 0   < 12.22
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:38:00.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4804",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-18T05:00:39.237843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T18:23:26.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Quantum HD Unity Compressor",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThan": "11.22",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "12.22",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Quantum HD Unity AcuAir",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThan": "11.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "12.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Quantum HD Unity Condenser/Vessel",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThan": "11.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "12.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Quantum HD Unity Evaporator",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThan": "11.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "12.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Quantum HD Unity Engine Room",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThan": "11.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "12.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Quantum HD Unity Interface",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThan": "11.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "12.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jim Reprogle"
        }
      ],
      "datePublic": "2023-11-10T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An\u0026nbsp;unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed."
            }
          ],
          "value": "An\u00a0unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-212",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-212 Functionality Misuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Active Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-10T22:17:55.249Z",
        "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "shortName": "jci"
      },
      "references": [
        {
          "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update all Quantum HD Unity Compressor control panels to firmware version 11.22 (Q5) or 12.22 (Q6).\u003cbr\u003e"
            }
          ],
          "value": "Update all Quantum HD Unity Compressor control panels to firmware version 11.22 (Q5) or 12.22 (Q6).\n"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update all Quantum HD Unity AcuAir control panels to firmware version 11.12 (Q5) or 12.12 (Q6).\u003cbr\u003e"
            }
          ],
          "value": "Update all Quantum HD Unity AcuAir control panels to firmware version 11.12 (Q5) or 12.12 (Q6).\n"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update all Quantum HD Unity Condenser/Vessel control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\u003cbr\u003e"
            }
          ],
          "value": "Update all Quantum HD Unity Condenser/Vessel control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nUpdate all Quantum HD Unity Evaporator control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nUpdate all Quantum HD Unity Evaporator control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n\n"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nUpdate all Quantum HD Unity Engine Room control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nUpdate all Quantum HD Unity Engine Room control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n\n"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nUpdate all Quantum HD Unity Interface control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nUpdate all Quantum HD Unity Interface control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Quantum HD Unity",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
    "assignerShortName": "jci",
    "cveId": "CVE-2023-4804",
    "datePublished": "2023-11-10T22:17:55.249Z",
    "dateReserved": "2023-09-06T15:44:07.459Z",
    "dateUpdated": "2025-12-16T18:23:26.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4804\",\"sourceIdentifier\":\"productsecurity@jci.com\",\"published\":\"2023-11-10T23:15:07.743\",\"lastModified\":\"2024-11-21T08:36:00.130\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An\u00a0unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.\"},{\"lang\":\"es\",\"value\":\"Un usuario no autorizado podr\u00eda acceder a las funciones de depuraci\u00f3n de los productos Quantum HD Unity que quedaron expuestos accidentalmente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productsecurity@jci.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"productsecurity@jci.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-489\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_compressor_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.00\",\"versionEndExcluding\":\"11.22\",\"matchCriteriaId\":\"F1B48F7F-42AA-45AA-8FC7-F93FA3136139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_compressor_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.00\",\"versionEndExcluding\":\"12.22\",\"matchCriteriaId\":\"2017C20F-3D16-4848-A0EF-42B4B4EBE345\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:johnsoncontrols:quantum_hd_unity_compressor:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"640BFA18-318D-41FA-BBE1-C91234A25A1B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_acuair_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.00\",\"versionEndExcluding\":\"11.12\",\"matchCriteriaId\":\"A7E3C78C-D372-4CF3-BA1B-3F2DF3EDF364\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_acuair_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.00\",\"versionEndExcluding\":\"12.12\",\"matchCriteriaId\":\"607F1C13-830D-4B8D-8BCF-42A8AEDB3147\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:johnsoncontrols:quantum_hd_unity_acuair:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EC4238A-8CE2-4DBE-BAE5-9E687725CCB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_condenser\\\\/vessel_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.00\",\"versionEndExcluding\":\"11.11\",\"matchCriteriaId\":\"A84D6C4C-55F8-4E99-9BFC-F1C4E554F933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_condenser\\\\/vessel_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.00\",\"versionEndExcluding\":\"12.11\",\"matchCriteriaId\":\"E69F5AF9-715A-4AAB-BCB2-5B8AEE775BE6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:johnsoncontrols:quantum_hd_unity_condenser\\\\/vessel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1139B733-1714-4111-B53C-4644A736B734\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_evaporator_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.00\",\"versionEndExcluding\":\"11.11\",\"matchCriteriaId\":\"1CE01D66-6D85-4685-87D7-CA3A8D976412\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_evaporator_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.00\",\"versionEndExcluding\":\"12.11\",\"matchCriteriaId\":\"29520C3D-1083-47BE-9B61-652579E28867\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:johnsoncontrols:quantum_hd_unity_evaporator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"769190A6-EF60-470F-B308-64DDD4D96C79\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_engine_room_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.00\",\"versionEndExcluding\":\"11.11\",\"matchCriteriaId\":\"02F0D946-8D1D-42E2-8C55-2D9098AFC9E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_engine_room_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.00\",\"versionEndExcluding\":\"12.11\",\"matchCriteriaId\":\"C3AACE2F-4103-40FC-B1A5-79657AC808FE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:johnsoncontrols:quantum_hd_unity_engine_room:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC48EFE2-04CD-491E-A127-E4F4370C202D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_interface_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.00\",\"versionEndExcluding\":\"11.11\",\"matchCriteriaId\":\"5A617CBC-3B72-46EC-B7B6-F51EFC1CD0E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:johnsoncontrols:quantum_hd_unity_interface_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.00\",\"versionEndExcluding\":\"12.11\",\"matchCriteriaId\":\"27A27741-45EE-4F9F-98F2-260804055A19\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:johnsoncontrols:quantum_hd_unity_interface:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C0E1361-A1D8-43AD-B0C7-9D54049DF6A8\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01\",\"source\":\"productsecurity@jci.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.johnsoncontrols.com/cyber-solutions/security-advisories\",\"source\":\"productsecurity@jci.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.johnsoncontrols.com/cyber-solutions/security-advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.johnsoncontrols.com/cyber-solutions/security-advisories\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:38:00.647Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4804\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-11-18T05:00:39.237843Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-08T21:46:08.518Z\"}}], \"cna\": {\"title\": \"Quantum HD Unity\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Jim Reprogle\"}], \"impacts\": [{\"capecId\": \"CAPEC-212\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-212 Functionality Misuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Johnson Controls\", \"product\": \"Quantum HD Unity Compressor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"11.22\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"12.22\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"Quantum HD Unity AcuAir\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"11.12\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"12.12\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"Quantum HD Unity Condenser/Vessel\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"11.11\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"12.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"Quantum HD Unity Evaporator\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"11.11\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"12.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"Quantum HD Unity Engine Room\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"11.11\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"12.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"Quantum HD Unity Interface\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"11.11\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"12.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update all Quantum HD Unity Compressor control panels to firmware version 11.22 (Q5) or 12.22 (Q6).\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update all Quantum HD Unity Compressor control panels to firmware version 11.22 (Q5) or 12.22 (Q6).\u003cbr\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Update all Quantum HD Unity AcuAir control panels to firmware version 11.12 (Q5) or 12.12 (Q6).\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update all Quantum HD Unity AcuAir control panels to firmware version 11.12 (Q5) or 12.12 (Q6).\u003cbr\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Update all Quantum HD Unity Condenser/Vessel control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update all Quantum HD Unity Condenser/Vessel control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\u003cbr\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"\\nUpdate all Quantum HD Unity Evaporator control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nUpdate all Quantum HD Unity Evaporator control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\\n\\n\u003cbr\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"\\nUpdate all Quantum HD Unity Engine Room control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nUpdate all Quantum HD Unity Engine Room control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\\n\\n\u003cbr\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"\\nUpdate all Quantum HD Unity Interface control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nUpdate all Quantum HD Unity Interface control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2023-11-10T22:00:00.000Z\", \"references\": [{\"url\": \"https://www.johnsoncontrols.com/cyber-solutions/security-advisories\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An\\u00a0unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An\u0026nbsp;unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-489\", \"description\": \"CWE-489: Active Debug Code\"}]}], \"providerMetadata\": {\"orgId\": \"7281d04a-a537-43df-bfb4-fa4110af9d01\", \"shortName\": \"jci\", \"dateUpdated\": \"2023-11-10T22:17:55.249Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4804\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-16T18:23:26.662Z\", \"dateReserved\": \"2023-09-06T15:44:07.459Z\", \"assignerOrgId\": \"7281d04a-a537-43df-bfb4-fa4110af9d01\", \"datePublished\": \"2023-11-10T22:17:55.249Z\", \"assignerShortName\": \"jci\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.