9.8
CVE-2024-0242
- EPSS 0.59%
- Published 08.02.2024 20:15:52
- Last modified 21.11.2024 08:46:08
- Source productsecurity@jci.com
Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.
Data provided by the National Vulnerability Database (NVD)
Johnsoncontrols ≫ Qolsys Iq Panel 4 Firmware Version < 4.4.2
Johnsoncontrols ≫ Qolsys Iq4 Hub Firmware Version < 4.4.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.433 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| productsecurity@jci.com | 7.3 | 0.9 | 5.8 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01