CVE-2024-0242: Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub
First published: Thu Feb 08 2024(Updated: )
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.
Credit: productsecurity@jci.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Johnsoncontrols Qolsys Iq Panel 4 Firmware | <4.4.2 | |
| Johnsoncontrols Qolsys Iq Panel 4 | ||
| All of | ||
| Johnsoncontrols Qolsys Iq4 Hub Firmware | <4.4.2 | |
| Johnsoncontrols Qolsys Iq4 Hub |
Remedy
Upgrade IQ Panel 4 to version 4.4.2.
Remedy
Upgrade IQ4 Hub to version 4.4.2.
Remedy
The firmware can be updated remotely to all available devices in the field.
Remedy
The firmware update can also be manually loaded by applying the patch tag “iqpanel4.4.2” on the device after navigating to its firmware update page.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/johnsoncontrols
- canonical/johnsoncontrols qolsys iq panel 4 firmware
- canonical/johnsoncontrols qolsys iq panel 4
- canonical/johnsoncontrols qolsys iq4 hub firmware
- canonical/johnsoncontrols qolsys iq4 hub