CVE-2025-61738
LOWJohnson Controls IQPanel2, IQHub, IQPanel2+, IQPanel 4, PowerG - Cleartext Transmission of Sensitive Information
Title source: llmDescription
Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02
Scores
CVSS v4
2.3
EPSS
0.0017
EPSS Percentile
6.1%
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-319
Status
published
Products (5)
Johnson Controls/IQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerG
,IQPanel 4 - 4.6.0
Johnson Controls/IQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerG
IQHub
Johnson Controls/IQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerG
IQPanel2 - 2
Johnson Controls/IQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerG
IQPanel2+ - 2+
Johnson Controls/IQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerG
PowerG - 53.02
Published
Dec 22, 2025
Tracked Since
Feb 18, 2026