CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

EUVD•added 2026/05/06 6:30 p.m.•2 views

EUVD-2026-27865

Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3...

8.4CVSS5.8AI score0.00017EPSS

Exploits0References2

NVD•added 2026/05/06 5:16 p.m.•6 views

CVE-2026-21661

8.4CVSS0.00017EPSS

Exploits0References1

Cvelist•added 2026/05/06 4:21 p.m.•29 views

CVE-2026-21661 AC2000 Uncontrolled Search Path Element

8.4CVSS0.00017EPSS

Exploits0References1

CVE•added 2026/05/06 4:21 p.m.•8 views

CVE-2026-21661

The CVE-2026-21661 entry concerns Johnson Controls AC2000 on Windows with an Uncontrolled Search Path Element/vulnerability that, per connected sources, is exploited via DLL hijacking. Affected behavior allows a standard user to escalate privileges on the host by manipulating configuration/file s...

8.4CVSS5.8AI score0.00017EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-14409

Malware in sbrugna...

9.8CVSS9.2AI score0.00727EPSS

Exploits0References3

ICS•added 2021/11/30 12:0 a.m.•40 views

Johnson Controls CEM Systems AC2000

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Controlled Electronic Management Systems, Ltd., a subsidiary of Johnson Controls, Inc. Equipment: CEM Systems AC2000 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could...

7.8CVSS8.1AI score0.92579EPSS

Exploits81References5

NVD•added 2021/08/30 6:15 p.m.•12 views

CVE-2021-27663

A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5...

9.8CVSS0.00727EPSS

Exploits0References2

OSV•added 2021/08/30 6:15 p.m.•0 views

CVE-2021-27663

9.8CVSS5.8AI score

Exploits0References2

Prion•added 2021/08/30 6:15 p.m.•21 views

Authorization

9.3CVSS9.3AI score0.00727EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/08/30 4:37 p.m.•12 views

CVE-2021-27663 CEM Systems AC2000

8.2CVSS9.5AI score0.00727EPSS

Exploits0References2

CVE•added 2021/08/30 4:37 p.m.•39 views

CVE-2021-27663

Johnson Controls CEM Systems AC2000 is affected for versions 10.1–10.5. The issue is improper authorization that can allow a remote attacker to access the system without adequate authentication. Affected component is the AC2000 application (and related API/SSO context per ICS evidence). Impact is...

9.8CVSS9AI score0.00727EPSS

Exploits0References2Affected Software1

ICS•added 2021/08/26 12:0 a.m.•52 views

Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Controlled Electronic Management Systems Ltd., a subsidiary of Johnson Controls Inc Equipment: CEM Systems AC2000 Vulnerability: Improper Authorization 2. RISK EVALUATION Under specific conditions,...

9.8CVSS9.2AI score0.00727EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by