CVE-2024-32752

Summary

The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsiSTAR Configuration Utility (ICU)0 <= Allaffected
Johnson ControlsiSTAR Pro, Edge and eX0 <= Allaffected
Johnson ControlsiSTAR Ultra and Ultra LT0 < 6.6.Baffected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References