Home

Description

Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.

PUBLISHED Reserved 2025-09-30 | Published 2025-12-17 | Updated 2025-12-17 | Assigner jci




HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-298-Improper Validation of certificate expiration

Product status

Default status
affected

iSTAR All versions prior to TLS 1.2
affected

References

www.johnsoncontrols.com/...cybersecurity/security-advisories

www.cisa.gov/news-events/ics-advisories/icsa-25-338-04

cve.org (CVE-2025-61736)

nvd.nist.gov (CVE-2025-61736)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.