CVE-2025-26386
7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Summary
Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Johnson Controls | iSTAR Configuration Utility (ICU) | iSTAR Configuration Utility (ICU) tool version 6.9.7 and prior | affected |
Weaknesses
- CWE-121: CWE-121 Stack-based Buffer Overflow
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-04
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.