Primary

Context

Johnson Controls iSTAR Configuration Utility Stack-Based Buffer Overflow Vulnerability

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Johnson Controls iSTAR Configuration Utility (ICU) tool, specifically in versions prior to 6.9.5. Under certain circumstances, this vulnerability could allow an attacker to execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution.

Remediation

Users are advised to upgrade the iSTAR Configuration Utility to version 6.9.5 or greater. For more detailed mitigation instructions, refer to the Johnson Controls Product Security Advisory JCI-PSA-2025-04.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Johnson Controls iSTAR Configuration Utility Stack-Based Buffer Overflow Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating