CVE-2025-61738
📋 TL;DR
This vulnerability allows attackers to capture the PowerG network key and read or write encrypted packets on PowerG wireless networks. It affects Johnson Controls PowerG wireless security and building automation systems that use vulnerable PowerG transceivers.
💻 Affected Systems
- Johnson Controls PowerG wireless transceivers and compatible devices
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of PowerG wireless security systems allowing unauthorized access, disabling of alarms, manipulation of building controls, and physical security breaches.
Likely Case
Unauthorized access to secured areas, disabling of alarm systems, or manipulation of building automation controls.
If Mitigated
Limited impact if network segmentation, monitoring, and physical security controls prevent attacker access to wireless signals.
🎯 Exploit Status
Requires specialized RF equipment and knowledge of PowerG protocol; physical proximity to wireless signals needed
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Contact Johnson Controls for specific firmware updates
Vendor Advisory: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Restart Required: Yes
Instructions:
1. Contact Johnson Controls for firmware updates
2. Schedule maintenance window for device updates
3. Update firmware on all affected PowerG devices
4. Verify successful update and functionality
🔧 Temporary Workarounds
Physical Security Enhancement
allRestrict physical access to areas where PowerG wireless signals can be intercepted
Network Segmentation
allIsolate PowerG networks from other critical systems
🧯 If You Can't Patch
- Implement enhanced physical security controls around wireless devices
- Deploy wireless intrusion detection systems to monitor for unauthorized PowerG activity
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against Johnson Controls security advisoryCheck Version:
Check device firmware through Johnson Controls system interface or device management toolsVerify Fix Applied:
Verify firmware version has been updated to patched version from vendor📡 Detection & Monitoring
Log Indicators:
- Unauthorized device pairings
- Unexpected wireless communication patterns
- Failed authentication attempts on PowerG network
Network Indicators:
- Unusual PowerG protocol traffic patterns
- RF signals indicating wireless interception attempts
SIEM Query:
Search for PowerG device authentication failures or unauthorized pairing events