CVE-2023-4804

Summary

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsQuantum HD Unity Compressor0 < 11.22affected
Johnson ControlsQuantum HD Unity Compressor0 < 12.22affected
Johnson ControlsQuantum HD Unity AcuAir0 < 11.12affected
Johnson ControlsQuantum HD Unity AcuAir0 < 12.12affected
Johnson ControlsQuantum HD Unity Condenser/Vessel0 < 11.11affected
Johnson ControlsQuantum HD Unity Condenser/Vessel0 < 12.11affected
Johnson ControlsQuantum HD Unity Evaporator0 < 11.11affected
Johnson ControlsQuantum HD Unity Evaporator0 < 12.11affected
Johnson ControlsQuantum HD Unity Engine Room0 < 11.11affected
Johnson ControlsQuantum HD Unity Engine Room0 < 12.11affected
Johnson ControlsQuantum HD Unity Interface0 < 11.11affected
Johnson ControlsQuantum HD Unity Interface0 < 12.11affected

Weaknesses

  • CWE-489: CWE-489: Active Debug Code

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References