CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-21941

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.027

EPSS Ranking 85.4%

CVSS Severity

CVSS v3 Score 10.0

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-11
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-11
https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Products affected by CVE-2022-21941

Johnsoncontrols » Istar Ultra » Version: N/A

cpe:2.3:h:johnsoncontrols:istar_ultra:-
Johnsoncontrols » Istar Ultra Firmware » Version: N/A

cpe:2.3:o:johnsoncontrols:istar_ultra_firmware:-
Johnsoncontrols » Istar Ultra Firmware » Version: 6.8.6

cpe:2.3:o:johnsoncontrols:istar_ultra_firmware:6.8.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-21941

Products

Pricing

Contact Us