← Back to home
ICSA-26-022-04  ·  Published 2026-01-22  ·  View on CISA ICS-CERT ↗

Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool

CVSS 7.1 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to cause a failure within the operating system of the machine hosting the ICU tool.

CVEs (1)

Remediations

  • Johnson Controls Inc. recommends the following:
  • Update the iSTAR Configuration Utility (ICU) tool to version 6.9.8
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2025-08 v1 at the following location: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

Affected Vendors

Johnson Controls Inc.

Affected Products (1)

Johnson Controls Inc. · iSTAR Configuration Utility (ICU) tool <=6.9.7

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy, Government Services and Facilities, Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more