Lucene search

JciCVE-2022-21941

HistoryAug 31, 2022 - 4:15 p.m.

CVE-2022-21941

2022-08-3116:15:10

CWE-77

jci

web.nvd.nist.gov

cve-2022-21941

istar ultra

command injection

vulnerability

nvd

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.

Affected configurations

Nvd

Node

johnsoncontrolsistar_ultra_firmwareRange<6.8.9.cu01

AND

johnsoncontrolsistar_ultraMatch-

VendorProductVersionCPE
johnsoncontrolsistar_ultra_firmware*cpe:2.3:o:johnsoncontrols:istar_ultra_firmware:*:*:*:*:*:*:*:*
johnsoncontrolsistar_ultra-cpe:2.3:h:johnsoncontrols:istar_ultra:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
johnsoncontrols	istar_ultra_firmware	*	cpe:2.3:o:johnsoncontrols:istar_ultra_firmware::::::::
johnsoncontrols	istar_ultra	-	cpe:2.3:h:johnsoncontrols:istar_ultra:-:::::::*

CNA Affected

[
  {
    "product": "iSTAR Ultra",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "6.8.9.CU01",
        "status": "affected",
        "version": "all versions prior to 6.8.9.CU01",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-242-11

www.johnsoncontrols.com/cyber-solutions/security-advisories

Social References

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

Related for CVE-2022-21941