Lucene search
K

428 matches found

Tenable Nessus
Tenable Nessus
added 2024/08/09 12:0 a.m.30 views

Johnson Controls ExacqVision Web Server Inadequate Encryption Strength (JCI-PSA-2024-14)

The version of the Johnson Controls exacqVision Web Server running on the remote host is affected by an inadequate encryption strength vulnerability. Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange. Note...

9CVSS5.5AI score0.00438EPSS
Exploits0References3
CISA
CISA
added 2024/08/01 12:0 p.m.7 views

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS advisories on August 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-214-01 Johnson Controls exacqVision Client and exacqVision Server ICSA-24-214-02 Johnso...

7AI score
Exploits0References9
ICS
ICS
added 2024/08/01 6:0 a.m.26 views

Johnson Controls exacqVision Web Service

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Web Service Vulnerability : Use of GET Request Method With Sensitive Query Strings 2. RISK EVALUATION Successful exploitation of this vulnerability could...

5.7CVSS6.7AI score0.00376EPSS
Exploits0References10
ICS
ICS
added 2024/08/01 6:0 a.m.17 views

Johnson Controls exacqVision Web Service

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Web Service Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

8.1CVSS7.4AI score0.00222EPSS
Exploits0References10
ICS
ICS
added 2024/08/01 6:0 a.m.19 views

Johnson Controls exacqVision Web Service

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Web Service Vulnerability : Cross-Site Request Forgery CSRF 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform...

8.8CVSS8.2AI score0.00204EPSS
Exploits0References10
ICS
ICS
added 2024/08/01 6:0 a.m.17 views

Johnson Controls exacqVision client and exacqVision server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls Inc. Equipment : exacqVision Client, exacqVision Server key Vulnerability : Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

9CVSS7.6AI score0.00438EPSS
Exploits0References10
ICS
ICS
added 2024/08/01 6:0 a.m.37 views

Johnson Controls exacqVision Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Server Vulnerability : Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a...

7.3CVSS6.8AI score0.00131EPSS
Exploits0References10
ICS
ICS
added 2024/08/01 6:0 a.m.19 views

Johnson Controls exacqVision Server web service

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION : Exploitable remotely Vendor : Johnson Controls Inc. Equipment : exacqVision Web Service Vulnerability : Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

8.1CVSS7.5AI score0.00431EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.4 views

Johnson Controls Illustra Pro Gen 4 Security Vulnerability

Johnson Controls Illustra Pro Gen 4 is a series of surveillance probes from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Illustra Pro Gen 4 Camera SS016.05.03.01.0010 and prior versions, which stems from a dependency on vulnerable third-party components...

7CVSS6.8AI score0.00405EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/10 5:43 p.m.12 views

CVE-2024-32759 Johnson Controls Software House C●CURE 9000 installer password strength

Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials...

7.7CVSS7AI score0.00419EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/10 5:43 p.m.24 views

CVE-2024-32759 Johnson Controls Software House C●CURE 9000 installer password strength

Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials...

7.7CVSS0.00419EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.6 views

Johnson Controls Software House C CURE 9000 Security Breach

Johnson Controls Software House C CURE 9000 is an access control system from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Software House C CURE 9000 that stems from the installation program using weak credentials...

7.7CVSS6.9AI score0.00419EPSS
Exploits0References3
ICS
ICS
added 2024/07/09 6:0 a.m.26 views

Johnson Controls Inc. Software House C●CURE 9000 (Update B)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Johnson Controls Inc. Equipment : Software House C●CURE 9000 Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

7.8CVSS6.6AI score0.00148EPSS
Exploits0References10
ICS
ICS
added 2024/07/09 6:0 a.m.18 views

Johnson Controls Illustra Pro Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : Illustra Pro Gen 4 Vulnerability : Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality...

7CVSS6.4AI score0.00405EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2024/07/04 10:43 a.m.17 views

CVE-2024-32754 Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information...

3.1CVSS7AI score0.00222EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/04 10:43 a.m.25 views

CVE-2024-32754 Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information...

3.1CVSS0.00222EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/04 12:0 a.m.5 views

PT-2024-24827 · Johnson Controls · Kt1 +2

Name of the Vulnerable Software and Affected Versions: KT1, KT2, and KT400 controllers affected versions not specified Description: The issue concerns the broadcasting of sensitive information when the controller is in factory reset mode. Specifically, the controller broadcasts its MAC address,...

3.1CVSS6.9AI score0.00222EPSS
Exploits0References6
ICS
ICS
added 2024/07/02 6:0 a.m.20 views

Johnson Controls Kantech Door Controllers

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION : Exploitable via adjacent network Vendor : Johnson Controls, Inc. Equipment : Kantech KT1, KT2, KT400 Door Controllers Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of...

3.1CVSS4.4AI score0.00222EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/07/02 12:0 a.m.4 views

Johnson Controls Illustra Essentials Gen 4 Security Vulnerability

Johnson Controls Illustra Essentials Gen 4 is a bullet camera from Johnson Controls USA. A security vulnerability exists in Johnson Controls Illustra Essentials Gen 4 Illustra.Ess4.01.02.10.5982 and prior versions, which stems from the fact that Linux user credentials can be recovered by an...

6.8CVSS6.7AI score0.00353EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/02 12:0 a.m.10 views

PT-2024-24987 · Johnson Controls · American Dynamics Illustra Essentials Gen 4 +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: affected versions not specified Description: The issue allows an authenticated user to recover another user's credentials under certain circumstances. Recommendations: At the moment, there is n...

6.8CVSS6.8AI score0.00384EPSS
Exploits0References3
Rows per page
Query Builder