428 matches found
Johnson Controls ExacqVision Web Server Inadequate Encryption Strength (JCI-PSA-2024-14)
The version of the Johnson Controls exacqVision Web Server running on the remote host is affected by an inadequate encryption strength vulnerability. Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange. Note...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS advisories on August 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-214-01 Johnson Controls exacqVision Client and exacqVision Server ICSA-24-214-02 Johnso...
Johnson Controls exacqVision Web Service
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Web Service Vulnerability : Use of GET Request Method With Sensitive Query Strings 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Johnson Controls exacqVision Web Service
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Web Service Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Johnson Controls exacqVision Web Service
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Web Service Vulnerability : Cross-Site Request Forgery CSRF 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform...
Johnson Controls exacqVision client and exacqVision server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls Inc. Equipment : exacqVision Client, exacqVision Server key Vulnerability : Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Johnson Controls exacqVision Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Server Vulnerability : Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a...
Johnson Controls exacqVision Server web service
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION : Exploitable remotely Vendor : Johnson Controls Inc. Equipment : exacqVision Web Service Vulnerability : Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Johnson Controls Illustra Pro Gen 4 Security Vulnerability
Johnson Controls Illustra Pro Gen 4 is a series of surveillance probes from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Illustra Pro Gen 4 Camera SS016.05.03.01.0010 and prior versions, which stems from a dependency on vulnerable third-party components...
CVE-2024-32759 Johnson Controls Software House C●CURE 9000 installer password strength
Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials...
CVE-2024-32759 Johnson Controls Software House C●CURE 9000 installer password strength
Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials...
Johnson Controls Software House C CURE 9000 Security Breach
Johnson Controls Software House C CURE 9000 is an access control system from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Software House C CURE 9000 that stems from the installation program using weak credentials...
Johnson Controls Inc. Software House C●CURE 9000 (Update B)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Johnson Controls Inc. Equipment : Software House C●CURE 9000 Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...
Johnson Controls Illustra Pro Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : Illustra Pro Gen 4 Vulnerability : Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality...
CVE-2024-32754 Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information...
CVE-2024-32754 Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information...
PT-2024-24827 · Johnson Controls · Kt1 +2
Name of the Vulnerable Software and Affected Versions: KT1, KT2, and KT400 controllers affected versions not specified Description: The issue concerns the broadcasting of sensitive information when the controller is in factory reset mode. Specifically, the controller broadcasts its MAC address,...
Johnson Controls Kantech Door Controllers
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION : Exploitable via adjacent network Vendor : Johnson Controls, Inc. Equipment : Kantech KT1, KT2, KT400 Door Controllers Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of...
Johnson Controls Illustra Essentials Gen 4 Security Vulnerability
Johnson Controls Illustra Essentials Gen 4 is a bullet camera from Johnson Controls USA. A security vulnerability exists in Johnson Controls Illustra Essentials Gen 4 Illustra.Ess4.01.02.10.5982 and prior versions, which stems from the fact that Linux user credentials can be recovered by an...
PT-2024-24987 · Johnson Controls · American Dynamics Illustra Essentials Gen 4 +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: affected versions not specified Description: The issue allows an authenticated user to recover another user's credentials under certain circumstances. Recommendations: At the moment, there is n...