CNNVD-202512-3982 Information
CNNVD ID
CNNVD-202512-3982
Related CVE
- CNNVD Published: 2025-12-22
Description (Chinese)
Johnson Controls IQ series和Johnson Controls PowerG都是美国江森自控(Johnson Controls)公司的产品。Johnson Controls IQ series是一系列智能安防与自动化控制平台。Johnson Controls PowerG是一个通讯设备。 Johnson Controls IQ series和Johnson Controls PowerG存在安全漏洞,该漏洞源于使用弱伪随机数生成器,可能导致攻击者读取或注入加密PowerG数据包。
Description (English)
Johnson Controls IQ Sierras and Johnson Controls PowerG are products of Johnson Controls in the United States. Johnson Controls IQ servers are a series of smart security and automated control platforms. Johnson Controls PowerG is a communications device. There is a security loophole between Johnson Controls IQ series and Johnson Controls PowerG, which stems from the use of a weak, pseudo-random generator, which may lead the attackers to read or inject encrypted PowerG data packages.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
江森自控
Published
2025-12-22
Last Modified
2026-02-24
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Patch
https://tyco.widen.net/s/fpznlvnwrh/jci-psa-2025-01
Share on: