CVE-2024-32752 (GCVE-0-2024-32752)
Vulnerability from cvelistv5
Published
2024-06-06 20:49
Modified
2025-04-24 20:05
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
  • CWE-306 - Missing Authentication for Critical Function
Summary
The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access
References
productsecurity@jci.comhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04
productsecurity@jci.comhttps://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
af854a3a-2127-422b-91ae-364da2661108https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04
af854a3a-2127-422b-91ae-364da2661108https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf
Impacted products
Vendor Product Version
Johnson Controls iSTAR Configuration Utility (ICU) Version: 0   <
Create a notification for this product.
   Johnson Controls iSTAR Pro, Edge and eX Version: 0   <
Create a notification for this product.
   Johnson Controls iSTAR Ultra and Ultra LT Version: 0   < 6.6.B
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:johnsoncontrols:software_house_istar_pro_door_controller:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "software_house_istar_pro_door_controller",
            "vendor": "johnsoncontrols",
            "versions": [
              {
                "status": "affected",
                "version": "all"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:johnsoncontrols:icu:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "icu",
            "vendor": "johnsoncontrols",
            "versions": [
              {
                "status": "affected",
                "version": "all"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-32752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-07T16:00:39.441305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-07T16:15:20.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:20:35.187Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "iSTAR Configuration Utility (ICU)",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThanOrEqual": "All",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "iSTAR Pro, Edge and eX",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThanOrEqual": "All",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "iSTAR Ultra and Ultra LT",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThan": "6.6.B",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Reid Wightman"
        }
      ],
      "datePublic": "2025-04-24T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\ncommunications with ICU, which may allow an attacker to gain unauthorized access"
            }
          ],
          "value": "The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\ncommunications with ICU, which may allow an attacker to gain unauthorized access"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248: Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-24T20:05:35.350Z",
        "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "shortName": "jci"
      },
      "references": [
        {
          "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u2022 Replace the iSTAR Pro, Edge and eX door controllers with a current generation iSTAR door controller (such\nas iSTAR Ultra G2) which supports authentication and prevents the ICU from making configuration\nchanges.\n\u003cbr\u003e\u2022 Ensure your iSTAR Ultra and Ultra LT door controllers are running firmware 6.6.B or greater. \n\n\u003cbr\u003e"
            }
          ],
          "value": "\u2022 Replace the iSTAR Pro, Edge and eX door controllers with a current generation iSTAR door controller (such\nas iSTAR Ultra G2) which supports authentication and prevents the ICU from making configuration\nchanges.\n\n\u2022 Ensure your iSTAR Ultra and Ultra LT door controllers are running firmware 6.6.B or greater."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
    "assignerShortName": "jci",
    "cveId": "CVE-2024-32752",
    "datePublished": "2024-06-06T20:49:53.476Z",
    "dateReserved": "2024-04-17T17:26:35.180Z",
    "dateUpdated": "2025-04-24T20:05:35.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-32752\",\"sourceIdentifier\":\"productsecurity@jci.com\",\"published\":\"2024-06-06T21:15:48.523\",\"lastModified\":\"2025-04-24T20:15:31.463\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\\ncommunications with ICU, which may allow an attacker to gain unauthorized access\"},{\"lang\":\"es\",\"value\":\"En determinadas circunstancias, las comunicaciones entre la herramienta ICU y un controlador de puerta iSTAR Pro son susceptibles a ataques Machine-in-the-Middle que podr\u00edan afectar el control y la configuraci\u00f3n de la puerta.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productsecurity@jci.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"productsecurity@jci.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04\",\"source\":\"productsecurity@jci.com\"},{\"url\":\"https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\",\"source\":\"productsecurity@jci.com\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:20:35.187Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32752\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-07T16:00:39.441305Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:johnsoncontrols:software_house_istar_pro_door_controller:*:*:*:*:*:*:*:*\"], \"vendor\": \"johnsoncontrols\", \"product\": \"software_house_istar_pro_door_controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:h:johnsoncontrols:icu:*:*:*:*:*:*:*:*\"], \"vendor\": \"johnsoncontrols\", \"product\": \"icu\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-07T16:11:07.500Z\"}}], \"cna\": {\"title\": \"Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Reid Wightman\"}], \"impacts\": [{\"capecId\": \"CAPEC-248\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-248: Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Johnson Controls\", \"product\": \"iSTAR Configuration Utility (ICU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"All\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"iSTAR Pro, Edge and eX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"All\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"iSTAR Ultra and Ultra LT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.6.B\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\u2022 Replace the iSTAR Pro, Edge and eX door controllers with a current generation iSTAR door controller (such\\nas iSTAR Ultra G2) which supports authentication and prevents the ICU from making configuration\\nchanges.\\n\\n\\u2022 Ensure your iSTAR Ultra and Ultra LT door controllers are running firmware 6.6.B or greater.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\u2022 Replace the iSTAR Pro, Edge and eX door controllers with a current generation iSTAR door controller (such\\nas iSTAR Ultra G2) which supports authentication and prevents the ICU from making configuration\\nchanges.\\n\u003cbr\u003e\\u2022 Ensure your iSTAR Ultra and Ultra LT door controllers are running firmware 6.6.B or greater. \\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2025-04-24T16:00:00.000Z\", \"references\": [{\"url\": \"https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\\ncommunications with ICU, which may allow an attacker to gain unauthorized access\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\\ncommunications with ICU, which may allow an attacker to gain unauthorized access\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306: Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"7281d04a-a537-43df-bfb4-fa4110af9d01\", \"shortName\": \"jci\", \"dateUpdated\": \"2025-04-24T20:05:35.350Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-32752\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-24T20:05:35.350Z\", \"dateReserved\": \"2024-04-17T17:26:35.180Z\", \"assignerOrgId\": \"7281d04a-a537-43df-bfb4-fa4110af9d01\", \"datePublished\": \"2024-06-06T20:49:53.476Z\", \"assignerShortName\": \"jci\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.