ICSA-24-039-01  ·  Published 2024-02-08

Qolsys IQ Panel 4, IQ4 HUB

CVSS 7.3 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow the panel software, under certain circumstances, to provide unauthorized access to settings.

CVEs (1)

Remediations

Johnson Controls has provided the following recommendations for its subsidiary company, Qolsys, Inc., to help reduce the risk of the vulnerability:

  • Upgrade IQ Panel 4, IQ4 Hub to version 4.4.2.
  • The firmware can be updated remotely to all available devices in the field.
  • The firmware update can also be manually loaded by applying the patch tag "iqpanel4.4.2" on the device after navigating to its firmware update page.
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2024-03.

Affected Vendors

Qolsys, Inc.

Affected Products (2)

Qolsys, Inc. · Qolsys IQ Panel 4 <4.4.2
Qolsys, Inc. · Qolsys IQ4 Hub <4.4.2

Affected Sectors

Critical Manufacturing
