CVE-2023-3127 - OpenCVE

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Johnsoncontrols	Edge G2 Edge G2 Firmware Istar Ultra Istar Ultra Firmware Istar Ultra G2 Istar Ultra G2 Firmware Istar Ultra Lt Istar Ultra Lt Firmware

Configuration 1 [-]

AND

cpe:2.3:h:johnsoncontrols:istar_ultra:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:johnsoncontrols:istar_ultra_firmware::::::::
	cpe:2.3:o:johnsoncontrols:istar_ultra_firmware:6.9.2:-::::::

Configuration 2 [-]

AND

cpe:2.3:h:johnsoncontrols:istar_ultra_lt:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:johnsoncontrols:istar_ultra_lt_firmware::::::::
	cpe:2.3:o:johnsoncontrols:istar_ultra_lt_firmware:6.9.2:-::::::

Configuration 3 [-]

AND

cpe:2.3:h:johnsoncontrols:istar_ultra_g2:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:johnsoncontrols:istar_ultra_g2_firmware::::::::
	cpe:2.3:o:johnsoncontrols:istar_ultra_g2_firmware:6.9.2:-::::::

Configuration 4 [-]

AND

cpe:2.3:h:johnsoncontrols:edge_g2:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:johnsoncontrols:edge_g2_firmware::::::::
	cpe:2.3:o:johnsoncontrols:edge_g2_firmware:6.9.2:-::::::

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02
https://www.johnsoncontrols.com/cyber-solutions/security-advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: jci

Published: 2023-07-11T21:06:29.003Z

Updated: 2024-08-02T06:48:07.288Z

Reserved: 2023-06-06T14:51:53.713Z

Link: CVE-2023-3127

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-11T22:15:09.907

Modified: 2023-07-20T01:49:31.853

Link: CVE-2023-3127

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3127", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "state": "PUBLISHED", "assignerShortName": "jci", "dateReserved": "2023-06-06T14:51:53.713Z", "datePublished": "2023-07-11T21:06:29.003Z", "dateUpdated": "2024-08-02T06:48:07.288Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "iSTAR Ultra", "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.", "versions": [{"lessThan": "6.9.2 CU01", "status": "affected", "version": ">6.8.6", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "iSTAR Ultra LT", "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.", "versions": [{"lessThan": "6.9.2 CU01", "status": "affected", "version": ">6.8.6", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "iSTAR Ultra G2", "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.", "versions": [{"lessThan": "6.9.2 CU01", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "iSTAR Edge G2", "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.", "versions": [{"lessThan": "6.9.2 CU01", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2023-07-11T21:03:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights."}], "value": "An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2023-07-11T21:06:29.003Z"}, "references": [{"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 firmware to version 6.9.2 CU01.<br><br>"}], "value": "Upgrade iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 firmware to version 6.9.2 CU01.\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Authentication in iSTAR", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.288Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:johnsoncontrols:istar_ultra:-:*:*:*:*:*:*:*", "matchCriteriaId": "F89B3465-8274-49E5-8290-1893B4C2AC07", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C49B542F-166F-4385-B910-705064C5B109", "versionEndExcluding": "6.9.2", "versionStartIncluding": "6.8.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_firmware:6.9.2:-:*:*:*:*:*:*", "matchCriteriaId": "7AF26AC6-083F-4BB3-86AF-8730E2BFD397", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:johnsoncontrols:istar_ultra_lt:-:*:*:*:*:*:*:*", "matchCriteriaId": "A759A7FA-5AEA-48D8-B40E-B0DA7223F0F4", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_lt_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9D2D8D5-A67D-45DD-A718-37C29D633931", "versionEndExcluding": "6.9.2", "versionStartIncluding": "6.8.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_lt_firmware:6.9.2:-:*:*:*:*:*:*", "matchCriteriaId": "5294AD55-D524-4E5A-ACEC-7685974A9415", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:johnsoncontrols:istar_ultra_g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A148D700-5542-473A-B88F-849180658787", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_g2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "85B7CE5A-A2A1-4433-B85A-8B6255B3D657", "versionEndExcluding": "6.9.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_g2_firmware:6.9.2:-:*:*:*:*:*:*", "matchCriteriaId": "7A3A4BDF-12FE-43C9-8CD4-0CA764E08175", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:johnsoncontrols:edge_g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BBCCE7-3098-41B0-A388-53E3DA9A29B9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:johnsoncontrols:edge_g2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D26CC65-9CCF-41A5-BC1B-2AAFAF9393E1", "versionEndExcluding": "6.9.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:johnsoncontrols:edge_g2_firmware:6.9.2:-:*:*:*:*:*:*", "matchCriteriaId": "C629C7CF-4372-494D-8B1C-CC4795356E03", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights."}], "id": "CVE-2023-3127", "lastModified": "2023-07-20T01:49:31.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.3, "source": "productsecurity@jci.com", "type": "Secondary"}]}, "published": "2023-07-11T22:15:09.907", "references": [{"source": "productsecurity@jci.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02"}, {"source": "productsecurity@jci.com", "tags": ["Vendor Advisory"], "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}], "sourceIdentifier": "productsecurity@jci.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "productsecurity@jci.com", "type": "Secondary"}]}