CVE-2025-26386 is a Johnson Controls iSTAR Configuration Utility (ICU) tool vulnerability with a CVSS 3.1 score of 7.1 (High). According to the CISA CSAF advisory, successful exploitation under certain circumstances could cause failure in the operating system of the machine hosting the ICU tool. Johnson Controls recommends updating the ICU tool to version 6.9.8.
CVE-2025-61739 is a vulnerability covered by a Johnson Controls advisory affecting PowerG, IQHub, IQPanel 2, IQPanel 2+, and IQPanel 4. CISA says the weakness is nonce reuse, which may let an attacker replay traffic or decrypt captured packets. The advisory was published on 2025-12-16 and updated on 2026-03-05 with additional mitigation details.
MEDIUM | Johnson Controls Inc. | CVE published 2025-12-04
CVE-2025-61736 is a medium-severity availability issue affecting Johnson Controls iSTAR products when the default certificate used to connect to the C•CURE Server expires. Under the described conditions, the panel may fail to re-establish communication, which can interrupt normal operation until certificate-related remediation is applied. CISA published the advisory on 2025-12-04 UTC, and the supplied cor [truncated]