Vulnerability in Johnson Controls Quantum Hd Unity Acuair
CVE-2023-4804
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
EPSS: 0.008 (52.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Johnson Controls Quantum Hd Unity Acuair — versions 0
- Johnson Controls Quantum Hd Unity Compressor — versions 0
- Johnson Controls Quantum Hd Unity Condenser/vessel — versions 0
- Johnson Controls Quantum Hd Unity Engine Room — versions 0
- Johnson Controls Quantum Hd Unity Evaporator — versions 0
- Johnson Controls Quantum Hd Unity Interface — versions 0
- Johnsoncontrols Quantum_hd_unity_acuair
- Johnsoncontrols Quantum_hd_unity_acuair_firmware
- Johnsoncontrols Quantum_hd_unity_compressor
- Johnsoncontrols Quantum_hd_unity_compressor_firmware
Weakness classification (CWE)
References
- productsecurity@jci.com (Vendor Advisory)
- productsecurity@jci.com (US Government Resource, Third Party Advisory)
Frequently asked questions
- What is CVE-2023-4804?
- CVE-2023-4804 is a critical-severity vulnerability in Johnson Controls Quantum Hd Unity Acuair, classified under Active Debug Code. CVSS score: 10.0/10. Published 2023-11-10.
- How severe is CVE-2023-4804?
- Critical severity. CVSS v3 base score is 10.0 out of 10.