CVE-2025-26379

Summary

Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQ Panels2 <= 2affected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQ Panel 2+ <= 2+affected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQHubaffected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQPanel 4 <= 4.6.0affected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGPowerG <= 53.02affected

Weaknesses

  • CWE-338: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References