
Johnson Controls — Vulnerabilities & Security Advisories 76

Browse all 76 CVE security advisories affecting Johnson Controls. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-21660 | Johnson Controls-Frick Quantum HD-Hardcoded Email Credentials Saved as Plaintext in Firmware | Frick Controls Quantum HD | CWE-256 | 9.8 | - | 2026-02-27 |
| CVE-2026-21659 | Johnson Controls -Frick Quantum HD-Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion | Frick Controls Quantum HD | CWE-23 | 9.8 | - | 2026-02-27 |
| CVE-2026-21658 | Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution | Frick Controls Quantum HD | CWE-94 | 9.8 | - | 2026-02-27 |
| CVE-2026-21657 | Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution | Frick Controls Quantum HD | CWE-94 | 6.8 | - | 2026-02-27 |
| CVE-2026-21656 | Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution | Frick Controls Quantum HD | CWE-94 | 6.8 | - | 2026-02-27 |
| CVE-2026-21654 | Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution | Frick Controls Quantum HD | CWE-78 | 6.6 | - | 2026-02-27 |
| CVE-2025-26385 | Metasys product command injection vulnerability could allow remote SQL execution | Metasys | CWE-77 | 9.8 (AI) | Critical (AI) | 2026-01-30 |
| CVE-2025-26386 | Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool | iSTAR Configuration Utility (ICU) | CWE-121 | 8.4 (AI) | High (AI) | 2026-01-28 |
| CVE-2025-43876 | iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings | iSTAR Ultra, iSTAR Ultra SE | CWE-78 | 9.8 (AI) | Critical (AI) | 2025-12-24 |
| CVE-2025-43875 | iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - getOptionsInfo | iSTAR Ultra, iSTAR Ultra SE | CWE-78 | 8.8 (AI) | High (AI) | 2025-12-24 |
| CVE-2025-61740 | Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG Origin Validation Error | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG | CWE-346 | 9.1 (AI) | Critical (AI) | 2025-12-22 |
| CVE-2025-26379 | Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG | CWE-338 | 8.2 (AI) | High (AI) | 2025-12-22 |
| CVE-2025-61739 | Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG reusing a nonce, key pair in encryption | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG | CWE-323 | 7.5 (AI) | High (AI) | 2025-12-22 |
| CVE-2025-61738 | Johnson Controls PowerG and IQPanel cleartext transmission of sensitive information | IQPanel2, IQHub, IQPanel2+, IQPanel 4, PowerG | CWE-319 | 7.4 (AI) | High (AI) | 2025-12-22 |
| CVE-2025-26381 | OpenBlue Mobile Web Application configuration issue for optional for OpenBlue Workplace (formerly FM Systems) | OpenBlue Workplace (formerly FM Systems) | CWE-425 | 7.5 (AI) | High (AI) | 2025-12-17 |
| CVE-2025-61736 | iSTAR- Improper Validation of Certificate Expiration | iSTAReX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra, iSTAR Ultra SE | CWE-298 | 5.3 (AI) | Medium (AI) | 2025-12-17 |
| CVE-2025-26383 | Johnson Controls iSTAR Configuration Utility security vulnerability | iSTAR Configuration Utility (ICU) | CWE-457 | 5.5 (AI) | Medium (AI) | 2025-06-11 |
| CVE-2025-26382 | Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool | iSTAR Configuration Utility (ICU) | CWE-121 | 8.4 | - | 2025-04-24 |
| CVE-2024-32862 | exacqVision CORS | exacqVision | CWE-942 | 6.8 | Medium | 2024-08-01 |
| CVE-2024-32758 | exacqVision - Key exchanges | exacqVision | CWE-326 | - | - (AI) | 2024-08-01 |
| CVE-2024-32931 | exacqVison - Token Disclosed in URL | exacqVision | CWE-598 | 5.7 | Medium | 2024-08-01 |
| CVE-2024-32865 | exacqVison - TLS certificate validation | exacqVision | CWE-295 | 6.4 | Medium | 2024-08-01 |
| CVE-2024-32864 | exacqVison - HTTPS Session Establishment | exacqVision | CWE-319 | 6.4 | Medium | 2024-08-01 |
| CVE-2024-32863 | exacqVison - CSRF issues with Web Service | exacqVision | CWE-352 | 6.8 | Medium | 2024-08-01 |
| CVE-2024-32861 | Software House C•CURE - CouchDB executable protection | Software House C•CURE 9000 Installer | CWE-276 | 7.8 | High | 2024-07-16 |
| CVE-2024-32753 | TYCO Illustra Pro Gen 4 - JQuery version | TYCO Illustra Pro4 Fixed cameras | CWE-1395 | 9.1 (AI) | Critical (AI) | 2024-07-11 |
| CVE-2024-32759 | Johnson Controls Software House C●CURE 9000 installer password strength | Software House C•CURE 9000 | CWE-1391 | 9.8 (AI) | Critical (AI) | 2024-07-10 |
| CVE-2024-32754 | Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information | Kantech KT1 Door Controller, Rev01 | CWE-200 | 3.1 | Low | 2024-07-04 |
| CVE-2024-32932 | American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - stored web interface | American Dynamics Illustra Essentials Gen 4 | CWE-257 | 6.8 | Medium | 2024-07-02 |
| CVE-2024-32757 | American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak | American Dynamics Illustra Essentials Gen 4 | CWE-532 | 6.8 | Medium | 2024-07-02 |

This page lists every published CVE security advisory associated with Johnson Controls. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.