#VU82962 Active Debug Code in Johnson Controls products - CVE-2023-4804
Published: November 10, 2023
Vulnerability identifier: #VU82962
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-4804
CWE-ID: CWE-489
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Quantum HD Unity Compressor control panels (Q5)
Quantum HD Unity Compressor control panels (Q6)
Quantum HD Unity AcuAir control panels (Q5)
Quantum HD Unity AcuAir control panels (Q6)
Quantum HD Unity Condenser/Vessel control panels (Q5)
Quantum HD Unity Condenser/Vessel control panels (Q6)
Quantum HD Unity Evaporator control panels (Q5)
Quantum HD Unity Evaporator control panels (Q6)
Quantum HD Unity Engine Room control panels (Q5)
Quantum HD Unity Engine Room control panels (Q6)
Quantum HD Unity Interface control panels (Q5)
Quantum HD Unity Interface control panels (Q6)
Software vendor:
Johnson Controls
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because debug code was left active in the product. A remote attacker can access debug features that were accidentally exposed.
Remediation
Install updates from the vendor's website.