← Back to home
ICSA-23-192-02  ·  Published 2023-07-11  ·  View on CISA ICS-CERT ↗

Sensormatic Electronics iSTAR

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an unauthenticated user to login to iSTAR devices with administrator rights.

CVEs (1)

Remediations

  • Johnson Controls recommends that users upgrade Sensormatic Elctronics iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 firmware to version 6.9.2 CUO1.
  • Upgrade iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 firmware to version 6.9.2 CU01.
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2023-05.

Affected Vendors

Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc.

Affected Products (4)

Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. · iSTAR Ultra > 6.8.6 | < 6.9.2 CU01
Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. · iSTAR Ultra LT > 6.8.6 | < 6.9.2 CU01
Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. · iSTAR Ultra G2 < 6.9.2 CU01
Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. · iSTAR Edge G2 < 6.9.2 CU01

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more