1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Johnson Controls
- Equipment: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
- Vulnerabilities: OS Command Injection, Insufficient Verification of Data Authenticity, Use of Default Credentials, Missing Protection Mechanism for Alternate Hardware Interface, Insecure Storage of Sensitive Information
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow an attacker to modify firmware and access the space that is protected by the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Software House iSTAR Ultra and Edge door controllers are affected:
- iSTAR Ultra: Versions 6.9.2.CU02 and prior (CVE-2025-53695, CVE-2025-53696, CVE-2025-53697, CVE-2025-53700)
- iSTAR Ultra SE: Versions 6.9.2.CU02 and prior (CVE-2025-53695, CVE-2025-53696, CVE-2025-53697, CVE-2025-53700)
- iSTAR Ultra G2: Versions 6.9.2.CU02 and prior (CVE-2025-53695, CVE-2025-53697, CVE-2025-53700)
- iSTAR Ultra G2 SE: Versions 6.9.2.CU02 and prior (CVE-2025-53695, CVE-2025-53697, CVE-2025-53700)
- iSTAR Edge G2: Versions 6.9.2.CU02 and prior (CVE-2025-53695, CVE-2025-53697, CVE-2025-53700)
- iSTAR Ultra: All versions (CVE-2025-53698, CVE-2025-53699)
- iSTAR Ultra SE: All versions (CVE-2025-53698, CVE-2025-53699)
- iSTAR Ultra G2: All versions (CVE-2025-53699)
- iSTAR Ultra G2 SE: All versions (CVE-2025-53699)
- iSTAR Edge G2: All versions (CVE-2025-53699)
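The affected-version list above is awkward to apply by hand across a fleet of door controllers, because each model carries two ranges (a "6.9.2.CU02 and prior" ceiling for most CVEs and an "all versions" entry for the rest) and the firmware strings mix a dotted release number with a CUnn cumulative-update suffix. The following script is an added example, not code from CISA or Johnson Controls: it transcribes section 3.1 into a table, parses iSTAR version strings into comparable tuples, and reports which of the advisory's CVE IDs apply to each device in an inventory. It assumes that CUnn sorts after the bare release and numerically by nn (6.9.2 < 6.9.2.CU01 < 6.9.2.CU02 < 6.9.3); the page does not state this ordering. The hostnames and the 6.9.2.CU03 version in the sample inventory are constructed. A version above the ceiling is reported as outside the advisory's listed range, not as verified fixed, since the page does not name a fixed release.

```python
import re

# Transcribed from section 3.1 of the advisory: model -> list of
# (highest affected version, or None for "all versions", CVE IDs).
AFFECTED = {
    "iSTAR Ultra": [
        ("6.9.2.CU02", ["CVE-2025-53695", "CVE-2025-53696", "CVE-2025-53697", "CVE-2025-53700"]),
        (None, ["CVE-2025-53698", "CVE-2025-53699"]),
    ],
    "iSTAR Ultra SE": [
        ("6.9.2.CU02", ["CVE-2025-53695", "CVE-2025-53696", "CVE-2025-53697", "CVE-2025-53700"]),
        (None, ["CVE-2025-53698", "CVE-2025-53699"]),
    ],
    "iSTAR Ultra G2": [
        ("6.9.2.CU02", ["CVE-2025-53695", "CVE-2025-53697", "CVE-2025-53700"]),
        (None, ["CVE-2025-53699"]),
    ],
    "iSTAR Ultra G2 SE": [
        ("6.9.2.CU02", ["CVE-2025-53695", "CVE-2025-53697", "CVE-2025-53700"]),
        (None, ["CVE-2025-53699"]),
    ],
    "iSTAR Edge G2": [
        ("6.9.2.CU02", ["CVE-2025-53695", "CVE-2025-53697", "CVE-2025-53700"]),
        (None, ["CVE-2025-53699"]),
    ],
}

# major.minor.patch with an optional ".CUnn" cumulative-update suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.CU(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Turn '6.9.2.CU02' into a comparable tuple (6, 9, 2, 2).

    Assumption (not stated in the advisory): CUnn is a cumulative update on
    top of the numeric release, so 6.9.2 < 6.9.2.CU01 < 6.9.2.CU02 < 6.9.3.
    Unrecognised strings are rejected rather than silently compared.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised iSTAR firmware version: {text!r}")
    major, minor, patch, cu = m.groups()
    return (int(major), int(minor), int(patch), int(cu) if cu else 0)


def applicable_cves(model, version):
    """Return the advisory's CVE IDs that apply to one device, sorted."""
    if model not in AFFECTED:
        raise KeyError(f"model not covered by this advisory: {model!r}")
    installed = parse_version(version)
    hits = set()
    for ceiling, cve_ids in AFFECTED[model]:
        # None means "all versions"; otherwise the range is "ceiling and prior".
        if ceiling is None or installed <= parse_version(ceiling):
            hits.update(cve_ids)
    return sorted(hits)


def triage(inventory):
    """Map each (host, model, version) record to its applicable CVE list."""
    return {host: applicable_cves(model, version) for host, model, version in inventory}


# Constructed sample inventory: hostnames and the CU03 version are made up.
SAMPLE_INVENTORY = [
    ("door-ctl-lobby", "iSTAR Ultra", "6.9.2.CU02"),
    ("door-ctl-dc", "iSTAR Ultra G2", "6.9.2.CU03"),
    ("door-ctl-loading", "iSTAR Edge G2", "6.8.0"),
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(cves) if cves else 'nothing listed in this advisory'}")
```

Feed it the model and firmware string from your own asset inventory; a device whose version string does not parse is a finding in itself, since it cannot be matched against the advisory.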
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (‘OS COMMAND INJECTION’) CWE-78
OS command injection in iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, Edge G2 versions 6.9.2 and prior web application allows
[…]
This article has been indexed from All CISA Advisories