Claroty Team82 has analyzed a sample of a new cyberweapon called IOCONTROL. The malware is a Linux-based backdoor with a modular configuration that can be modified to target IoT, OT, and SCADA systems.
Hardcoded credentials in the Frick Controls Quantum HD create a vulnerability that leads to unauthorized access, exposure of sensitive information, and potential misuse or system compromise.
The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.
CVSS v3: 6.2
The Frick Controls Quantum HD contains a vulnerability that allows an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise.
The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.
CVSS v3: 7.5
The Frick Controls Quantum HD is vulnerable due to insufficient validation of input in certain parameters that may permit unexpected actions, which could impact the security of the device before authentication occurs.
The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.
CVSS v3: 9.1
The Frick Controls Quantum HD is vulnerable due to insufficient validation of input in certain parameters that may permit unexpected actions, which could impact the security of the device before authentication occurs.
The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.
CVSS v3: 9.1
The Frick Controls Quantum HD is vulnerable due to insufficient validation of input in certain parameters that may permit unexpected actions, which could impact the security of the device before authentication occurs.
The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.
CVSS v3: 9.1
