Product Security Advisories

Mission Statement: Carrier endeavors to ensure that validation, analysis, and mitigation of findings are proactively communicated in a responsible manner. The Carrier PSIRT Plan prepares and discloses product security advisory publications to acknowledge the reporters, vulnerabilities, impacts, and mitigations of the reported incidents.

| Advisory ID | CVE Record | ICSA Record | Affected Product | Summary | Published | Updated |
|---|---|---|---|---|---|---|
| CARR-PSA-2025-03 | CVE-2024-5539, CVE-2024-5540 | Not Applicable | Automated Logic WebCTRL, Carrier i-Vu | Incorrect Authorization, Improper Neutralization of Input | November 26, 2025 | November 26, 2025 |
| CARR-PSA-2025-05 | CVE-2025-0657 | Not Applicable | Automated Logic WebCTRL, Carrier i-Vu | Improper Validation, Uncaught Exception | November 26, 2025 | November 26, 2025 |
| CARR-PSA-2025-06 | CVE-2025-0658 | Not Applicable | Automated Logic and Carrier Zone Controllers | Improper Input Validation | November 26, 2025 | November 26, 2025 |
| CARR-PSA-2025-04 | CVE-2024-8527, CVE-2024-8528 | ICSA-25-324-01 | Automated Logic WebCTRL, Carrier i-Vu | Open Redirect, Improper Neutralization of Input | November 18, 2025 | November 18, 2025 |
| CARR-PSA-2025-02 | CVE-2025-9494, CVE-2025-9495 | ICSA-25-266-04 | Vitogate 300 | Viessmann Vitogate 300 vulnerabilities | September 22, 2025 | September 22, 2025 |
| CARR-PSA-2025-01 | CVE-2024-10930 | ICSA-25-063-01 | Carrier Block Load | Uncontrolled Search Path Element vulnerability | March 4, 2025 | March 4, 2025 |
| CARR-PSA-2024-04 | CVE-2024-8525, CVE-2024-8526 | ICSA-24-326-01 | Automated Logic WebCTRL & Carrier i-Vu | Unrestricted File Upload and Open Redirect vulnerabilities | November 21, 2024 | November 21, 2024 |
| CARR-PSA-2024-03 | CVE-2023-5222, CVE-2023-5702, CVE-2023-45852 | ICSA-24-254-01 | Viessmann Vitogate 300 | Viessmann Vitogate 300 vulnerabilities | September 10, 2024 | September 10, 2024 |
| CARR-PSA-013-0623 | Not Applicable | Not Applicable | Carrier Global Product Security Advisory | Progress Software MOVEit vulnerabilities | June 26, 2023 | June 26, 2023 |
| CARR-PSA-010-0123 | Not Applicable | Not Applicable | Carrier Global Product Security Advisory | Apache Shiro authentication bypass vulnerabilities | Jan 20, 2023 | Jan 20, 2023 |
| CARR-PSA-008-1122 | Not Applicable | Not Applicable | Carrier Global Product Security Advisory | OpenSSL 3.0 vulnerabilities | Nov 4, 2022 | Nov 4, 2022 |
| CARR-PSA-007-1122 | Not Applicable | Not Applicable | Carrier Global Product Security Advisory | Text4Shell Remote code execution vulnerability | Nov 4, 2022 | Dec 16, 2022 |
| CARR-PSA-005-0422 | Not Applicable | Not Applicable | Carrier Global Product Security Advisory | Spring4Shell Remote code execution vulnerability | April 7, 2022 | April 7, 2022 |
| CARR-PSA-004-0322 | Not Applicable | Not Applicable | Carrier Global Product Security Advisory | Okta - Lapsus$ Compromise summary | March 30, 2022 | April 7, 2022 |
| CARR-PSA-003-1221 | Not Applicable | Not Applicable | Carrier Global Product Security Advisory | Log4j Remote code execution vulnerabilities | Dec 20, 2021 | Jan 20, 2022 |
| CARR-PSA-002-1121 | CVE-2022-1318, CVE-2022-26519 | ICSA-22-109-01 | Hills ComNav | Weak authentication and communication channel vulnerabilities | Nov 1, 2021 | April 19, 2022 |
| CARR-PSA-001-1121 | CVE-2022-1019 | ICSA-22-109-02 | Automated Logic WebCTRL & Carrier i-Vu | Open redirect vulnerability | Nov 1, 2021 | April 19, 2022 |