PT-2024-5077 · Johnson Controls · Istar Pro Door Controller

Reid Wightman

Published

2024-06-06

Updated

2024-07-03

CVE-2024-32752

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Johnson Controls Software House iStar Pro Door Controller (affected versions not specified)

Description: The issue is related to the lack of authentication for a critical function in the ICU tool and iSTAR Pro door controller, which can be exploited by a remote attacker to perform a Machine-in-the-Middle attack. This could impact door control and configuration. The attack exploits the communication between the ICU tool and the iSTAR Pro door controller.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2024-05604

CVE-2024-32752

Affected Products

Istar Pro Door Controller

PT-2024-5077 · Johnson Controls · Istar Pro Door Controller

CVE-2024-32752

Weakness Enumeration

Related Identifiers

Affected Products

References · 12