CVE-2024-0242

EUVD-2024-16039
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
jciCNA
7.3 HIGH
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
johnsoncontrolsqolsys_iq_panel_4_firmware
𝑥
< 4.4.2
johnsoncontrolsqolsys_iq4_hub_firmware
𝑥
< 4.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories