6.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.1%
All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.
www.cisa.gov/uscert/ics/advisories/icsa-22-298-05
www.johnsoncontrols.com/cyber-solutions/security-advisories