Johnson Controls PowerG, IQPanel and IQHub Authentication Vulnerability Allowing Denial-of-Service and Configuration Modification

Vulnerability

An authentication vulnerability has been identified in Johnson Controls PowerG, IQPanel and IQHub products. This issue arises because the source of packets is not properly verified, potentially enabling an attacker to cause a denial-of-service condition or alter the device's configuration. The vulnerability affects multiple versions of PowerG, IQPanel 2, IQPanel 2+, IQPanel 4 and IQHub.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of device configurations or the creation of a denial-of-service condition.

Added: Dec 22, 2025, 3:18 PM

Updated: Dec 22, 2025, 3:18 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

3.1

exploitability

4.7

remediation

0.0

relevance

1.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

3.1

exploitability

4.7

remediation

0.0

relevance

1.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Johnson Controls PowerG, IQPanel and IQHub Authentication Vulnerability Allowing Denial-of-Service and Configuration Modification

Vulnerability

Impact

Affected Products

Johnson Controls IQPanel 4

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating