CVE-2023-4804

Quantum HD Unity

Description

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

Solution:

Update all Quantum HD Unity Compressor control panels to firmware version 11.22 (Q5) or 12.22 (Q6).
Update all Quantum HD Unity AcuAir control panels to firmware version 11.12 (Q5) or 12.12 (Q6).
Update all Quantum HD Unity Condenser/Vessel control panels to firmware version 11.11 (Q5) or 12.11 (Q6).
Update all Quantum HD Unity Evaporator control panels to firmware version 11.11 (Q5) or 12.11 (Q6).
Update all Quantum HD Unity Engine Room control panels to firmware version 11.11 (Q5) or 12.11 (Q6).
Update all Quantum HD Unity Interface control panels to firmware version 11.11 (Q5) or 12.11 (Q6).

Link	Tags
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	vendor advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01	third party advisory us government resource

What is the severity of CVE-2023-4804?: CVE-2023-4804 has been scored as a critical severity vulnerability.
How to fix CVE-2023-4804?: To fix CVE-2023-4804: Update all Quantum HD Unity Compressor control panels to firmware version 11.22 (Q5) or 12.22 (Q6).
Is CVE-2023-4804 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-4804 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-4804?: CVE-2023-4804 affects Johnson Controls Quantum HD Unity Compressor, Johnson Controls Quantum HD Unity AcuAir, Johnson Controls Quantum HD Unity Condenser/Vessel, Johnson Controls Quantum HD Unity Evaporator, Johnson Controls Quantum HD Unity Engine Room, Johnson Controls Quantum HD Unity Interface.