Johnson Controls iSTAR Ultra | CISA

Johnson Controls has identified critical vulnerabilities affecting several versions of its iSTAR Ultra series and Edge door controllers, which could allow remote attackers to take full control of the devices via OS Command Injection. Organizations should prioritize firmware updates and implement network security measures to mitigate these risks.

Key points

  • Vulnerabilities affect multiple versions of Johnson Controls iSTAR Ultra and Edge door controllers.
  • The CVSS scores for these vulnerabilities are 8.7 and 8.8, indicating high severity.
  • Successful exploitation can enable attackers to modify firmware and gain complete device control.
  • Johnson Controls recommends updating affected devices to specific firmware versions to mitigate risk.
  • Organizations should enhance network security, isolate control systems, and follow recommended ICS cybersecurity practices.

Read More: https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-02