Johnson Controls PowerG, IQPanel and IQHub Weak Pseudo-Random Number Generator Vulnerability

Vulnerability

A vulnerability exists in Johnson Controls PowerG, IQPanel and IQHub products due to the use of a weak pseudo-random number generator. This flaw may enable an attacker to read or inject encrypted PowerG packets. The affected products include PowerG, IQHub, IQPanel 2, IQPanel 2+, and IQPanel 4.

Impact

Exploitation of this vulnerability could allow an attacker to read or write encrypted PowerG traffic, or to perform a replay attack.

Added: Dec 22, 2025, 3:19 PM

Updated: Dec 22, 2025, 3:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

1.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

1.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Johnson Controls PowerG, IQPanel and IQHub Weak Pseudo-Random Number Generator Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating