Johnson Controls PowerG, IQPanel and IQHub Nonce Reuse Vulnerability Allowing Replay Attacks and Packet Decryption

Vulnerability

A vulnerability exists in Johnson Controls PowerG, IQPanel and IQHub products, all versions, due to nonce reuse. This flaw enables attackers to perform replay attacks or decrypt intercepted packets, potentially compromising the confidentiality and integrity of the communication.

Impact

Exploitation of this vulnerability could allow an attacker to read or write encrypted traffic or perform a replay attack.

Added: Dec 22, 2025, 11:19 AM

Updated: Dec 22, 2025, 11:19 AM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

3.1

exploitability

4.3

remediation

0.0

relevance

1.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

3.1

exploitability

4.3

remediation

0.0

relevance

1.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Johnson Controls PowerG, IQPanel and IQHub Nonce Reuse Vulnerability Allowing Replay Attacks and Packet Decryption

Vulnerability

Impact

Affected Products

Johnson Controls IQPanel 4

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating