{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-61740", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "state": "PUBLISHED", "assignerShortName": "jci", "dateReserved": "2025-09-30T15:51:17.096Z", "datePublished": "2025-12-22T14:32:07.619Z", "dateUpdated": "2025-12-22T16:20:04.536Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG", "vendor": "Johnson Controls", "versions": [{"lessThanOrEqual": "2", "status": "affected", "version": "IQ Panels2", "versionType": "custom"}, {"lessThanOrEqual": "2+", "status": "affected", "version": "IQ Panels2+", "versionType": "custom"}, {"status": "affected", "version": "IQHub", "versionType": "custom"}, {"lessThanOrEqual": "4.6.0", "status": "affected", "version": "IQPanel 4", "versionType": "custom"}, {"lessThanOrEqual": "53.02", "status": "affected", "version": "PowerG", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "James Chambers of NCC group"}, {"lang": "en", "type": "finder", "value": "Sultan Qasim Khan of NCC group"}], "datePublic": "2025-12-16T14:23:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "&nbsp;Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.<br>"}], "value": "Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device."}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.2, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-346", "description": "CWE-346 Origin Validation Error", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2025-12-22T14:32:07.619Z"}, "references": [{"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i<br>b. Devices that support PowerG+ should use PowerG v53.05 or later. <br>c. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process<br>d. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater<br><br>"}], "value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\nb. Devices that support PowerG+ should use PowerG v53.05 or later. \nc. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\nd. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater"}], "source": {"discovery": "UNKNOWN"}, "title": "Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG Origin Validation Error", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-22T16:19:54.221428Z", "id": "CVE-2025-61740", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T16:20:04.536Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-61740", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-22T16:19:54.221428Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T16:20:00.515Z"}}], "cna": {"title": "Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG Origin Validation Error", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "James Chambers of NCC group"}, {"lang": "en", "type": "finder", "value": "Sultan Qasim Khan of NCC group"}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.2, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Johnson Controls", "product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG", "versions": [{"status": "affected", "version": "IQ Panels2", "versionType": "custom", "lessThanOrEqual": "2"}, {"status": "affected", "version": "IQ Panels2+", "versionType": "custom", "lessThanOrEqual": "2+"}, {"status": "affected", "version": "IQHub", "versionType": "custom"}, {"status": "affected", "version": "IQPanel 4", "versionType": "custom", "lessThanOrEqual": "4.6.0"}, {"status": "affected", "version": "PowerG", "versionType": "custom", "lessThanOrEqual": "53.02"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\nb. Devices that support PowerG+ should use PowerG v53.05 or later. \nc. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\nd. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater", "supportingMedia": [{"type": "text/html", "value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i<br>b. Devices that support PowerG+ should use PowerG v53.05 or later. <br>c. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process<br>d. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater<br><br>", "base64": false}]}], "datePublic": "2025-12-16T14:23:00.000Z", "references": [{"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.", "supportingMedia": [{"type": "text/html", "value": "&nbsp;Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346 Origin Validation Error"}]}], "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2025-12-22T14:32:07.619Z"}}}, "cveMetadata": {"cveId": "CVE-2025-61740", "state": "PUBLISHED", "dateUpdated": "2025-12-22T16:20:04.536Z", "dateReserved": "2025-09-30T15:51:17.096Z", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "datePublished": "2025-12-22T14:32:07.619Z", "assignerShortName": "jci"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device."}], "id": "CVE-2025-61740", "lastModified": "2025-12-22T15:16:00.397", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "productsecurity@jci.com", "type": "Secondary"}]}, "published": "2025-12-22T15:16:00.397", "references": [{"source": "productsecurity@jci.com", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"}, {"source": "productsecurity@jci.com", "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"}], "sourceIdentifier": "productsecurity@jci.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "productsecurity@jci.com", "type": "Secondary"}]}

{}

{}