CVE-2025-61738

Summary

Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsIQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerGIQPanel2 <= 2affected
Johnson ControlsIQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerGIQHubaffected
Johnson ControlsIQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerGIQPanel2+ <= 2+affected
Johnson ControlsIQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerG,IQPanel 4 <= 4.6.0affected
Johnson ControlsIQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerGPowerG <= 53.02affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References