CVE-2023-3127
HIGH
Johnson Controls iSTAR Ultra/LT/G2 & Edge G2 <6.9.2 - Unauthenticated Admin Access
Title source: llm
Description
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.
References (2)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02
Scores
CVSS v3: 7.5
EPSS: 0.0045
EPSS Percentile: 35.8%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-287
Status: published
Products (8)
johnsoncontrols/edge_g2_firmware: 6.9.2
johnsoncontrols/edge_g2_firmware: < 6.9.2
johnsoncontrols/istar_ultra_firmware: 6.9.2
johnsoncontrols/istar_ultra_firmware: 6.8.6 - 6.9.2
johnsoncontrols/istar_ultra_g2_firmware: 6.9.2
johnsoncontrols/istar_ultra_g2_firmware: < 6.9.2
johnsoncontrols/istar_ultra_lt_firmware: 6.9.2
johnsoncontrols/istar_ultra_lt_firmware: 6.8.6 - 6.9.2
Published: Jul 11, 2023
Tracked Since: Feb 18, 2026