Skip to main content

PRODUCT SECURITY ADVISORIES

Mission Statement

CARRIER-17547P-roduct-Secuity-Web-Graphics-Carrier-Global-Product-Security-Program-Mission-Statement-150x150

Carrier endeavors to ensure that validation, analysis, and mitigation of findings are proactively communicated in a responsible manner.

The Carrier PSIRT Plan prepares and discloses product security advisory publications to acknowledge the reporters, vulnerabilities, impacts, and mitigations of the reported incidents.

Advisories & Disclosures

Advisory ID	CVE Record	ICSA Record	Affected Product	Summary	Published	Updated
CARR-PSA-2024-04	CVE-2024-8525 CVE-2024-8526	ICSA-24-326-01	Automated Logic WebCTRL & Carrier i-Vu	Unrestricted File Upload and Open Redirect vulnerabilities	November 21, 2024	November 21, 2024
CARR-PSA-2024-03	CVE-2023-5222 CVE-2023-5702 CVE-2023-45852	ICSA-24-254-01	Viessmann Vitogate 300	Viessmann Vitogate 300 vulnerabilities	September 10, 2024	September 10, 2024
CARR-PSA-013-0623	Not Applicable	Not Applicable	Carrier Global Product Security Advisory	Progress Software MOVEit vulnerabilities	June 26, 2023	June 26, 2023
CARR-PSA-010-0123	Not Applicable	Not Applicable	Carrier Global Product Security Advisory	Apache Shiro authentication bypass vulnerabilities	Jan 20, 2023	Jan 20, 2023
CARR-PSA-008-1122	Not Applicable	Not Applicable	Carrier Global Product Security Advisory	OpenSSL 3.0 vulnerabilities	Nov 4, 2022	Nov 4, 2022
CARR-PSA-007-1122	Not Applicable	Not Applicable	Carrier Global Product Security Advisory	Text4Shell Remote code execution vulnerability	Nov 4, 2022	Dec 16, 2022
CARR-PSA-005-0422	Not Applicable	Not Applicable	Carrier Global Product Security Advisory	Spring4Shell Remote code execution vulnerability	April 7, 2022	April 7, 2022
CARR-PSA-004-0322	Not Applicable	Not Applicable	Carrier Global Product Security Advisory	Okta - Lapsus$ Compromise summary	March 30, 2022	April 7, 2022
CARR-PSA-003-1221	Not Applicable	Not Applicable	Carrier Global Product Security Advisory	Log4j Remote code execution vulnerabilities	Dec 20, 2021	Jan 20, 2022
CARR-PSA-002-1121	CVE-2022-1318 CVE-2022-26519	ICSA-22-109-01	Hills ComNav	Weak authentication and communication channel vulnerabilities	Nov 1, 2021	April 19, 2022
CARR-PSA-001-1121	CVE-2022-1019	ICSA-22-109-02	Automated Logic WebCTRL & Carrier i-Vu	Open redirect vulnerability	Nov 1, 2021	April 19, 2022

PRODUCT CYBERSECURITY

REPORT AN INCIDENT