CNNVD-202601-4790 Information
CNNVD ID
CNNVD-202601-4790
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Johnson Controls iSTAR Configuration Utility是美国江森自控(Johnson Controls)公司的一款用于配置和管理iSTAR Controllers的软件工具。 Johnson Controls iSTAR Configuration Utility (ICU) 6.9.7及之前版本存在安全漏洞,该漏洞源于栈缓冲区溢出,可能导致操作系统故障。
Description (English)
Johnson Controls iSTAR Construction Utility is a software tool for the configuration and management of iSTAR Contractors at Johnson Controls in the United States. There is a security loophole in Johnson Controls iSTAR Construction United (ICU) 6.9.7 and earlier versions, which originates from the spilling out of the silo buffer zone, which could lead to operational system malfunctions.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
江森自控
Published
2026-01-28
Last Modified
2026-02-24
References
https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-04 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Patch
https://tyco.widen.net/s/bxhdzcjkgc/jci-psa-2026-03
Share on: