Johnson Controls Quantum HD Unity

1. EXECUTIVE SUMMARY

  • CVSS v3 10.0
  • ATTENTION: Exploitable Remotely/Low attack complexity
  • Vendor: Johnson Controls Inc.
  • Equipment: Quantum HD Unity
  • Vulnerability: Active Debug Code

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthorized user to access debug features that were accidentally exposed.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Johnson Controls Quantum HD Unity products are affected:

  • Quantum HD Unity Compressor control panels (Q5): All versions prior to v11.22
  • Quantum HD Unity Compressor control panels (Q6): All versions prior to v12.22
  • Quantum HD Unity AcuAir control panels (Q5): All versions prior to v11.12
  • Quantum HD Unity AcuAir control panels (Q6): All versions prior to v12.12
  • Quantum HD Unity Condenser/Vessel control panels (Q5): All versions prior to v11.11
  • Quantum HD Unity Condenser/Vessel control panels (Q6): All versions prior to v12.11
  • Quantum HD Unity Evaporator control panels (Q5): All versions prior to v11.11
  • Quantum HD Unity Evaporator control panels (Q6): All versions prior to v12.11
  • Quantum HD Unity Engine Room control panels (Q5): All versions prior to v11.11
  • Quantum HD Unity Engine Room control panels (Q6): All versions prior to v12.11
  • Quantum HD Unity Interface control panels (Q5): All versions prior to v11.11
  • Quantum HD Unity Interface control panels (Q6): All versions prior to v12.11

3.2 VULNERABILITY OVERVIEW

3.2.1 ACTIVE DEBUG CODE CWE-489

Johnson Controls Quantum HD products could allow an unauthorized user to access debug features that were accidentally exposed.

CVE-2023-4804 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (