CVE-2024-0242

Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:johnsoncontrols:qolsys_iq_panel_4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:qolsys_iq_panel_4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:johnsoncontrols:qolsys_iq4_hub_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:qolsys_iq4_hub:-:*:*:*:*:*:*:*

History

15 Feb 2024, 19:08

Type Values Removed Values Added
Summary
  • (es) En determinadas circunstancias, el software del panel IQ Panel4 e IQ4 Hub anterior a la versión 4.4.2 podría permitir el acceso no autorizado a la configuración.
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01 - Third Party Advisory, US Government Resource
References () https://www.johnsoncontrols.com/cyber-solutions/security-advisories - () https://www.johnsoncontrols.com/cyber-solutions/security-advisories - Product
CPE cpe:2.3:h:johnsoncontrols:qolsys_iq4_hub:-:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:qolsys_iq4_hub_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:qolsys_iq_panel_4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:qolsys_iq_panel_4:-:*:*:*:*:*:*:*
First Time Johnsoncontrols qolsys Iq4 Hub
Johnsoncontrols qolsys Iq4 Hub Firmware
Johnsoncontrols qolsys Iq Panel 4
Johnsoncontrols qolsys Iq Panel 4 Firmware
Johnsoncontrols
CVSS v2 : unknown
v3 : 7.3
v2 : unknown
v3 : 9.8
CWE NVD-CWE-noinfo

08 Feb 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-08 20:15

Updated : 2024-02-15 19:08


NVD link : CVE-2024-0242

Mitre link : CVE-2024-0242

CVE.ORG link : CVE-2024-0242


JSON object : View

Products Affected

johnsoncontrols

  • qolsys_iq_panel_4_firmware
  • qolsys_iq4_hub
  • qolsys_iq4_hub_firmware
  • qolsys_iq_panel_4
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor