CVE-2025-26379 - Vulnerability Details - OpenCVE

Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

History

Mon, 22 Dec 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 22 Dec 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.
Title		Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator
Weaknesses		CWE-338
References		https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Metrics		cvssV4_0 `{'score': 7.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: jci

Published: 2025-12-22T14:21:29.597Z

Updated: 2025-12-22T16:19:25.130Z

Reserved: 2025-02-07T14:15:53.879Z

Link: CVE-2025-26379

Vulnrichment

Updated: 2025-12-22T16:19:19.954Z

NVD

Status : Received

Published: 2025-12-22T15:16:00.070

Modified: 2025-12-22T15:16:00.070

Link: CVE-2025-26379

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-26379", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "state": "PUBLISHED", "assignerShortName": "jci", "dateReserved": "2025-02-07T14:15:53.879Z", "datePublished": "2025-12-22T14:21:29.597Z", "dateUpdated": "2025-12-22T16:19:25.130Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG", "vendor": "Johnson Controls", "versions": [{"lessThanOrEqual": "2", "status": "affected", "version": "IQ Panels2", "versionType": "custom"}, {"lessThanOrEqual": "2+", "status": "affected", "version": "IQ Panel 2+", "versionType": "custom"}, {"status": "affected", "version": "IQHub", "versionType": "custom"}, {"lessThanOrEqual": "4.6.0", "status": "affected", "version": "IQPanel 4", "versionType": "custom"}, {"lessThanOrEqual": "53.02", "status": "affected", "version": "PowerG", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "James Chambersof NCC Group"}, {"lang": "en", "type": "finder", "value": "and Sultan Qasim Khan NCC Group"}], "datePublic": "2025-12-16T14:11:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.<br>"}], "value": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets."}], "impacts": [{"capecId": "CAPEC-59", "descriptions": [{"lang": "en", "value": "CAPEC-59 Session Credential Falsification through Prediction"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.2, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2025-12-22T14:21:29.597Z"}, "references": [{"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i<br>b. Devices that support PowerG+ should use PowerG v53.05 or later. <br>c. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process<br>d. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater<br><br>"}], "value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\nb. Devices that support PowerG+ should use PowerG v53.05 or later. \nc. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\nd. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater"}], "source": {"discovery": "UNKNOWN"}, "title": "Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-22T16:19:13.074335Z", "id": "CVE-2025-26379", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T16:19:25.130Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-26379", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-22T16:19:13.074335Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T16:19:19.954Z"}}], "cna": {"title": "Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "James Chambersof NCC Group"}, {"lang": "en", "type": "finder", "value": "and Sultan Qasim Khan NCC Group"}], "impacts": [{"capecId": "CAPEC-59", "descriptions": [{"lang": "en", "value": "CAPEC-59 Session Credential Falsification through Prediction"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.2, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Johnson Controls", "product": "IQ Panels2, 2+, IQHub, IQPanel 4, PowerG", "versions": [{"status": "affected", "version": "IQ Panels2", "versionType": "custom", "lessThanOrEqual": "2"}, {"status": "affected", "version": "IQ Panel 2+", "versionType": "custom", "lessThanOrEqual": "2+"}, {"status": "affected", "version": "IQHub", "versionType": "custom"}, {"status": "affected", "version": "IQPanel 4", "versionType": "custom", "lessThanOrEqual": "4.6.0"}, {"status": "affected", "version": "PowerG", "versionType": "custom", "lessThanOrEqual": "53.02"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i\nb. Devices that support PowerG+ should use PowerG v53.05 or later. \nc. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process\nd. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater", "supportingMedia": [{"type": "text/html", "value": "a. Update IQ Panel 4\u2019s to version 4.6.1/4.6.1i<br>b. Devices that support PowerG+ should use PowerG v53.05 or later. <br>c. During the installation or enrollment of PowerG+ devices, enter the PIN code in the PIN Code field on the sensor enrollment screen. For additional security, Johnson Controls recommends only authorized company personnel or integrators be present during the pairing process<br>d. Replace all End-of-Life Products (IQ Panel 2, IQ Panel 2+, IQ Hub) with the latest IQ Panel 4 using firmware version 4.6.1 or greater<br><br>", "base64": false}]}], "datePublic": "2025-12-16T14:11:00.000Z", "references": [{"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.", "supportingMedia": [{"type": "text/html", "value": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"}]}], "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2025-12-22T14:21:29.597Z"}}}, "cveMetadata": {"cveId": "CVE-2025-26379", "state": "PUBLISHED", "dateUpdated": "2025-12-22T16:19:25.130Z", "dateReserved": "2025-02-07T14:15:53.879Z", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "datePublished": "2025-12-22T14:21:29.597Z", "assignerShortName": "jci"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets."}], "id": "CVE-2025-26379", "lastModified": "2025-12-22T15:16:00.070", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "productsecurity@jci.com", "type": "Secondary"}]}, "published": "2025-12-22T15:16:00.070", "references": [{"source": "productsecurity@jci.com", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"}, {"source": "productsecurity@jci.com", "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"}], "sourceIdentifier": "productsecurity@jci.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-338"}], "source": "productsecurity@jci.com", "type": "Secondary"}]}