CVE-2025-26379
HIGHJohnson Controls IQ Panels 2/2+/IQHub/IQPanel 4 PowerG Weak PRNG in Packet Encryption
Title source: llmDescription
Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02
Scores
CVSS v4
7.2
EPSS
0.0017
EPSS Percentile
6.2%
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-338
Status
published
Products (5)
Johnson Controls/IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
IQ Panel 2+ - 2+
Johnson Controls/IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
IQ Panels2 - 2
Johnson Controls/IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
IQHub
Johnson Controls/IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
IQPanel 4 - 4.6.0
Johnson Controls/IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
PowerG - 53.02
Published
Dec 22, 2025
Tracked Since
Feb 18, 2026