Johnson Controls iSTAR Ultra OS Command Injection Vulnerability Granting Root Access

Vulnerability

An OS command injection vulnerability has been identified in the web application of Johnson Controls iSTAR Ultra products, including iSTAR Ultra SE and iSTAR Ultra G2. An attacker who holds valid credentials for the web application can use it to execute arbitrary commands on the device's operating system with 'root' privileges, which is sufficient for unauthorized access to, or manipulation of, the device firmware. The issue has been tested and confirmed on iSTAR Ultra firmware versions through 6.9.2; later versions may also be affected.

Impact

Exploitation requires authentication but no other preconditions: a crafted HTTP request to the web application injects OS commands, and the injected commands run as the 'root' user on the device.
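The advisory does not disclose the injection point, so the following is an added, constructed illustration of the vulnerability class rather than iSTAR Ultra code or a reproduction of this issue. It assumes a hypothetical network-diagnostic endpoint ('/diag' with a 'host' parameter) whose handler builds a ping command, shows what a POSIX shell would actually execute when a metacharacter payload reaches a shell-built command string (without running it), contrasts it with an argv-list handler that validates the input first, and finishes with a log-scanning heuristic a defender can run over web-server access logs for this device class:

```python
import ipaddress
import re
import shlex
from urllib.parse import parse_qs, urlsplit

# Constructed illustration of OS command injection. This is NOT iSTAR Ultra
# code: the advisory does not disclose the injection point, so the '/diag'
# endpoint, the 'host' parameter and the ping-based handler are assumptions.


def build_vulnerable_command(host: str) -> str:
    """Vulnerable pattern: untrusted input spliced into a shell command string.
    Run via subprocess.run(cmd, shell=True), the shell parses 'host', so a value
    such as '10.0.0.1; id' appends a second command. (Nothing is executed here.)"""
    return f"ping -c 1 {host}"


def build_hardened_command(host: str) -> list[str]:
    """Hardened pattern: validate against a strict type (an IP literal), then
    pass an argv list for shell=False so no shell ever parses the input."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        raise ValueError(f"rejected host argument: {host!r}") from None
    return ["ping", "-c", "1", host]


def shell_would_run(cmd: str) -> list[list[str]]:
    """Tokenize a command string the way a POSIX shell would and split it at
    command separators, showing which commands 'sh -c' would run, without
    executing anything."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands: list[list[str]] = []
    current: list[str] = []
    for tok in lexer:
        if tok in (";", "&&", "||", "|", "&"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


# Shell metacharacters that have no place in a hostname/IP parameter.
SHELL_METACHARS = re.compile(r"[;&|`$<>(){}\n]")


def looks_like_injection(value: str) -> bool:
    """Detection heuristic: shell metacharacters in a parameter that should
    only ever hold a hostname or IP address."""
    return bool(SHELL_METACHARS.search(value))


REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def find_suspicious_requests(log_lines: list[str]) -> list[str]:
    """Scan web-server access log lines (authenticated traffic included) for
    query parameters that carry shell metacharacters once URL-decoded."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group(1)).query)
        if any(looks_like_injection(v) for values in params.values() for v in values):
            hits.append(line)
    return hits


# Constructed access-log sample: one benign request and one carrying ';id'
# URL-encoded as %3Bid. Not real device logs.
SAMPLE_LOG = [
    '10.0.0.5 - admin [28/Jul/2025:14:17:01 +0000] "GET /diag?host=10.0.0.1 HTTP/1.1" 200 512',
    '10.0.0.5 - admin [28/Jul/2025:14:17:09 +0000] "GET /diag?host=10.0.0.1%3Bid HTTP/1.1" 200 640',
]


if __name__ == "__main__":
    payload = "10.0.0.1; id"
    print(shell_would_run(build_vulnerable_command(payload)))
    # -> [['ping', '-c', '1', '10.0.0.1'], ['id']]
    try:
        build_hardened_command(payload)
    except ValueError as exc:
        print(exc)
    print(find_suspicious_requests(SAMPLE_LOG))
```

The point of the hardened variant is that validation and argv-list invocation together close the hole: the type check rejects anything that is not an address, and even if a check were bypassed, shell=False means the argument reaches ping as a single argv entry rather than being parsed by /bin/sh. The log heuristic is intentionally crude (it will flag any metacharacter, including benign ones in other parameters) and is meant as a triage filter over authenticated traffic, since authentication does not rule out this attack.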

Added: Jul 28, 2025, 2:17 PM
Updated: Jul 28, 2025, 2:17 PM

Vulnerability Rating

Custom Algorithm

  spread          0.3
  impact          7.5
  exploitability  4.9
  remediation     8.3
  relevance       0.3
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined to calculate the overall risk score.