{ "id": "CVE-2023-4804", "sourceIdentifier": "productsecurity@jci.com", "published": "2023-11-10T23:15:07.743", "lastModified": "2023-11-16T17:45:01.533", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An\u00a0unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed." }, { "lang": "es", "value": "Un usuario no autorizado podr\u00eda acceder a las funciones de depuraci\u00f3n de los productos Quantum HD Unity que quedaron expuestos accidentalmente." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 }, { "source": "productsecurity@jci.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 6.0 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] }, { "source": "productsecurity@jci.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-489" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_compressor_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.00", "versionEndExcluding": "11.22", "matchCriteriaId": "F1B48F7F-42AA-45AA-8FC7-F93FA3136139" }, { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_compressor_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.00", "versionEndExcluding": "12.22", "matchCriteriaId": "2017C20F-3D16-4848-A0EF-42B4B4EBE345" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_compressor:-:*:*:*:*:*:*:*", "matchCriteriaId": "640BFA18-318D-41FA-BBE1-C91234A25A1B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_acuair_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.00", "versionEndExcluding": "11.12", "matchCriteriaId": "A7E3C78C-D372-4CF3-BA1B-3F2DF3EDF364" }, { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_acuair_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.00", "versionEndExcluding": "12.12", "matchCriteriaId": "607F1C13-830D-4B8D-8BCF-42A8AEDB3147" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_acuair:-:*:*:*:*:*:*:*", "matchCriteriaId": "2EC4238A-8CE2-4DBE-BAE5-9E687725CCB2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_condenser\\/vessel_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.00", "versionEndExcluding": "11.11", "matchCriteriaId": "A84D6C4C-55F8-4E99-9BFC-F1C4E554F933" }, { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_condenser\\/vessel_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.00", "versionEndExcluding": "12.11", "matchCriteriaId": "E69F5AF9-715A-4AAB-BCB2-5B8AEE775BE6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_condenser\\/vessel:-:*:*:*:*:*:*:*", "matchCriteriaId": "1139B733-1714-4111-B53C-4644A736B734" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_evaporator_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.00", "versionEndExcluding": "11.11", "matchCriteriaId": "1CE01D66-6D85-4685-87D7-CA3A8D976412" }, { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_evaporator_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.00", "versionEndExcluding": "12.11", "matchCriteriaId": "29520C3D-1083-47BE-9B61-652579E28867" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_evaporator:-:*:*:*:*:*:*:*", "matchCriteriaId": "769190A6-EF60-470F-B308-64DDD4D96C79" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_engine_room_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.00", "versionEndExcluding": "11.11", "matchCriteriaId": "02F0D946-8D1D-42E2-8C55-2D9098AFC9E2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_engine_room_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.00", "versionEndExcluding": "12.11", "matchCriteriaId": "C3AACE2F-4103-40FC-B1A5-79657AC808FE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_engine_room:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC48EFE2-04CD-491E-A127-E4F4370C202D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_interface_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.00", "versionEndExcluding": "11.11", "matchCriteriaId": "5A617CBC-3B72-46EC-B7B6-F51EFC1CD0E2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_interface_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.00", "versionEndExcluding": "12.11", "matchCriteriaId": "27A27741-45EE-4F9F-98F2-260804055A19" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_interface:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C0E1361-A1D8-43AD-B0C7-9D54049DF6A8" } ] } ] } ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01", "source": "productsecurity@jci.com", "tags": [ "Third Party Advisory", "US Government Resource" ] }, { "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "source": "productsecurity@jci.com", "tags": [ "Vendor Advisory" ] } ] }