CVE-2023-3127: Authentication Bypass in Johnson Controls iSTAR Access Control Systems


Description Preview

CVE-2023-3127 affects the Johnson Controls iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 door controllers. An unauthenticated attacker who can reach an affected controller over the network can bypass authentication and log in with administrator privileges, gaining control over the physical access control infrastructure the controller manages.

Overview

The flaw is classified as CWE-287 (Improper Authentication): the affected iSTAR controllers grant an administrator session without properly verifying the caller's credentials. Because these controllers decide who may pass through which doors, an attacker holding administrator rights could modify access permissions, create unauthorized credentials, or disable security controls outright, turning the device that protects a facility into the means of entering it. This is a high-severity risk for any organization relying on these devices to secure buildings and restricted areas.

Remediation

Organizations using affected iSTAR devices should:

  1. Apply the fixed firmware Johnson Controls has released for the affected models; the advisories linked below identify the fixed version.
  2. Place the controllers on a dedicated network segment that is reachable only from the access-control servers and management hosts that need to talk to them.
  3. Enforce that segmentation at the network level (firewall rules or router ACLs) so that the controllers' management interfaces are not reachable from user networks or the internet. An authentication bypass cannot be exploited by anyone who cannot reach the login interface.
  4. Monitor the controllers' logs. A bypass produces a successful login, so watch for administrator logins from unexpected source addresses and for unexpected credential or permission changes, not only for failed login attempts.
  5. Contact Johnson Controls technical support for remediation guidance specific to your deployment.
  6. Check the Johnson Controls security advisory page regularly for updated patches and mitigations.
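The monitoring step above is the one most often done wrong for an authentication bypass: a rule that only counts failed logins never fires, because the attacker's login succeeds. The following is an added example (not Armis or Johnson Controls code) of the detection logic a practitioner would run over collected controller logs. The log line format, field names, panel names and the 10.50.0.0/24 management network are constructed assumptions; adapt the parser to whatever your syslog collector actually receives from the panels.

```python
"""Flag administrator sessions on access-control panels that should not exist.

Added example, not vendor code.  The log format below is a constructed
assumption standing in for whatever the real panels emit.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed: the only hosts that may legitimately reach the panels' admin interface.
MANAGEMENT_NETS = [ipaddress.ip_network("10.50.0.0/24")]

# Constructed (hypothetical) log line format:
# <ISO timestamp> <panel> login result=<success|failure> user=<name> role=<role> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<panel>\S+) login result=(?P<result>success|failure) "
    r"user=(?P<user>\S+) role=(?P<role>\S+) src=(?P<src>\S+)$"
)


@dataclass
class Alert:
    ts: str
    panel: str
    user: str
    src: str
    reason: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def src_is_trusted(src, nets=MANAGEMENT_NETS):
    """True if src is a valid IP address inside one of the management networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def detect(lines, nets=MANAGEMENT_NETS):
    """Return alerts for logins that should not have happened.

    A bypass yields *successful* logins, so the primary rule is a successful
    administrator session from outside the management network.  Failures from
    outside are kept as a lower-priority signal that someone is probing.
    """
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; in production, count these separately
        if src_is_trusted(rec["src"], nets):
            continue
        if rec["result"] == "success" and rec["role"] == "admin":
            reason = "admin login from outside management network"
        elif rec["result"] == "failure":
            reason = "failed login from outside management network"
        else:
            continue
        alerts.append(Alert(rec["ts"], rec["panel"], rec["user"], rec["src"], reason))
    return alerts


# Constructed sample log lines (not real device output).
SAMPLE_LOG = [
    "2023-07-12T09:00:01Z istar-lobby login result=success user=operator role=admin src=10.50.0.17",
    "2023-07-12T09:03:44Z istar-lobby login result=failure user=admin role=admin src=192.168.77.5",
    "2023-07-12T09:04:02Z istar-lobby login result=success user=admin role=admin src=192.168.77.5",
    "2023-07-12T09:10:13Z istar-dock login result=success user=guard role=viewer src=192.168.77.9",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ts} {a.panel} user={a.user} src={a.src}: {a.reason}")
```

Run against the constructed sample, the script raises two alerts for the 192.168.77.5 host: the failed attempt and, one message later, the successful administrator session. The first login from the management network is silent, as is the non-admin session from the 192.168.77.9 host. The allow list is what makes the rule useful; it is also the reason the segmentation steps above have to be done first, since the rule can only be as tight as the network design it encodes.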

References

  1. CISA ICS Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02
  2. Johnson Controls Security Advisories: https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Industry Exposure (most to least affected)

This section ranks industries by how often this CVE has been observed in Armis customer environments, from most to least affected. The ranking shows where the vulnerability has been seen most frequently, helping organizations in these sectors gauge their exposure relative to peers and prioritize patching, resource allocation, and broader risk management for this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Retail Trade
  4. Public Administration
  5. Finance and Insurance
  6. Transportation & Warehousing
  7. Educational Services
  8. Other Services (except Public Administration)
  9. Professional, Scientific, & Technical Services
  10. Utilities
  11. Agriculture, Forestry, Fishing & Hunting
  12. Arts, Entertainment & Recreation
  13. Construction
  14. Management of Companies & Enterprises
  15. Real Estate Rental & Leasing
  16. Accommodation & Food Services
  17. Administrative, Support, Waste Management & Remediation Services
  18. Information
  19. Mining
  20. Wholesale Trade

Armis Vulnerability Intelligence Database