Johnson Controls iSTAR Configuration Utility Memory Leak Vulnerability Allowing Unauthorized Data Exposure

Vulnerability

A vulnerability exists in the Johnson Controls iSTAR Configuration Utility (ICU) tool, all versions prior to 6.9.5, that causes a memory leak. This leak could unintentionally expose unauthorized data from the Windows PC running the ICU tool. The vulnerability affects only legacy iSTAR products and not the current iSTAR Ultra or iSTAR G2 series controllers.

Impact

Exploitation of this vulnerability could lead to unauthorized access to leaked memory data from the Windows PC running the ICU tool.

Remediation

Users are advised to update the iSTAR Configuration Utility (ICU) tool to version 6.9.5 or greater. For more detailed mitigation instructions, refer to the Johnson Controls Product Security Advisory JCI-PSA-2025-06.

Added: Jun 11, 2025, 4:17 PM
Updated: Jun 11, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 7.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.