CNNVD-202512-3985 Information
CNNVD ID
CNNVD-202512-3985
Related CVE
- CNNVD Published: 2025-12-22
Description (Chinese)
Johnson Controls IQ series和Johnson Controls PowerG都是美国江森自控(Johnson Controls)公司的产品。Johnson Controls IQ series是一系列智能安防与自动化控制平台。Johnson Controls PowerG是一个通讯设备。 Johnson Controls IQ series和Johnson Controls PowerG存在安全漏洞,该漏洞源于Nonce重用,可能导致重放攻击或解密捕获数据包。以下产品受到影响:IQ Panels2, IQ Panels2+, IQHub, IQPanel 4, PowerG。
Description (English)
Johnson Controls IQ Sierras and Johnson Controls PowerG are products of Johnson Controls in the United States. Johnson Controls IQ servers are a series of smart security and automated control platforms. Johnson Controls PowerG is a communications device. There is a security loophole between Johnson Controls IQ series and Johnson Controls PowerG, which originates in the re-use of Nonce and may lead to the re-establishment of the attack or decryption of the capture data package. The following products were affected: IQ Panels2, IQ Panels2+, IQHub, IQ Panel 4, PowerG.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
江森自控
Published
2025-12-22
Last Modified
2026-02-24
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Patch
https://tyco.widen.net/s/fpznlvnwrh/jci-psa-2025-01
Share on: