← Back to home
ICSA-23-313-01  ·  Published 2023-11-09  ·  View on CISA ICS-CERT ↗

Johnson Controls Quantum HD Unity

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an unauthorized user to access debug features that were accidentally exposed.

CVEs (1)

Remediations

  • Johnson Controls recommends users update the products to the latest versions:
  • Update all Quantum HD Unity Compressor control panels (Q5) to firmware version 11.22.
  • Update all Quantum HD Unity Compressor control panels (Q6) to firmware version 12.22.
  • Update all Quantum HD Unity AcuAir control panels (Q5) to firmware version 11.12.
  • Update all Quantum HD Unity AcuAir control panels (Q6) to firmware version 12.12.
  • Update all Quantum HD Unity Condenser/Vessel control panels (Q5) to firmware version 11.11.
  • Update all Quantum HD Unity Condenser/Vessel control panels (Q6) to firmware version 12.11.
  • Update all Quantum HD Unity Evaporator control panels (Q5) to firmware version 11.11.
  • Update all Quantum HD Unity Evaporator control panels (Q6) to firmware version 12.11.
  • Update all Quantum HD Unity Engine Room control panels (Q5) to firmware version 11.11.
  • Update all Quantum HD Unity Engine Room control panels (Q6) to firmware version 12.11.
  • Update all Quantum HD Unity Interface control panels (Q5) to firmware version 11.11.
  • Update all Quantum HD Unity Interface control panels (Q6) to firmware version 12.11.
  • Refer to the update procedure for assistance in applying the mitigations provided by Johnson Controls.
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2023-09 v1.

Affected Vendors

Johnson Controls Inc.

Affected Products (12)

Johnson Controls Inc. · Quantum HD Unity Compressor control panels (Q5) <11.22
Johnson Controls Inc. · Quantum HD Unity Compressor control panels (Q6) <12.22
Johnson Controls Inc. · Quantum HD Unity AcuAir control panels (Q5) <11.12
Johnson Controls Inc. · Quantum HD Unity AcuAir control panels (Q6) <12.12
Johnson Controls Inc. · Quantum HD Unity Condenser/Vessel control panels (Q5) <11.11
Johnson Controls Inc. · Quantum HD Unity Condenser/Vessel control panels (Q6) <12.11
Johnson Controls Inc. · Quantum HD Unity Evaporator control panels (Q5) <11.11
Johnson Controls Inc. · Quantum HD Unity Evaporator control panels (Q6) <12.11
Johnson Controls Inc. · Quantum HD Unity Engine Room control panels (Q5) <11.11
Johnson Controls Inc. · Quantum HD Unity Engine Room control panels (Q6) <12.11
Johnson Controls Inc. · Quantum HD Unity Interface control panels (Q5) <11.11
Johnson Controls Inc. · Quantum HD Unity Interface control panels (Q6) <12.11

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more