Description
Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.
Scores
CVSS v4
7.2
EPSS
0.0003
EPSS Percentile
9.4%
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-338
Status
published
Products (5)
Johnson Controls/IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
IQ Panel 2+ - 2+
Johnson Controls/IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
IQ Panels2 - 2
Johnson Controls/IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
IQHub
Johnson Controls/IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
IQPanel 4 - 4.6.0
Johnson Controls/IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
PowerG - 53.02
Published
Dec 22, 2025
Tracked Since
Feb 18, 2026