3 matches found
Johnson Controls OpenBlue Enterprise Manager Data Collector
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: OpenBlue Enterprise Manager Data Collector Vulnerabilities: Improper Authentication, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...
CVE-2023-2025
OpenBlue Enterprise Manager Data Collector (Johnson Controls) firmware prior to 3.2.5.75 is affected. The ICS/NVD entries describe two related issues: (1) Improper authentication (CWE-287) where API calls may not require authentication, and (2) exposure of sensitive information to an unauthorized...
CVE-2023-2025 Exposure of Sensitive Information in OpenBlue Enterprise Manager Data Collector
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances...