25 matches found
CVE-2025-26381 OpenBlue Mobile Web Application configuration issue for optional for OpenBlue Workplace (formerly FM Systems)
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information...
CVE-2025-26381
CVE-2025-26381 affects Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace (versions 2025.1.2 and earlier). The vulnerability is described as a Direct Request (forced browsing) issue that could allow an attacker to access sensitive information without authentication. Publicly ...
CVE-2025-26381 OpenBlue Mobile Web Application configuration issue for optional for OpenBlue Workplace (formerly FM Systems)
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information...
Johnson Controls OpenBlue Workplace Security Vulnerability
Johnson Controls OpenBlue Workplace is a smart office space management platform from Johnson Controls USA. A security vulnerability exists in Johnson Controls OpenBlue Workplace. An attacker exploiting the vulnerability could gain access to sensitive information...
PT-2025-49245
Name of the Vulnerable Software and Affected Versions: Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace versions 2025.1.2 and prior. Description: Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace versions 2025.1.2 and prior are susceptible to a Direct...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-338-01 Mitsubishi Electric GX Works2; ICSA-25-338-02 MAXHUB Pivot; ICSA-25-338-03 Johnson Controls OpenBlue...
Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace
RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
EUVD-2023-33552
Malicious code in bioql PyPI...
EUVD-2023-33551
Malicious code in bioql PyPI...
CVE-2023-2024
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allows access to an unauthorized user under certain circumstances...
CVE-2023-2025
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances...
CVE-2023-2025
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances...
CVE-2023-2024
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allows access to an unauthorized user under certain circumstances...
Design/Logic Flaw
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances...
Authentication flaw
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allows access to an unauthorized user under certain circumstances...
CVE-2023-2025 Exposure of Sensitive Information in OpenBlue Enterprise Manager Data Collector
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances...
CVE-2023-2025
OpenBlue Enterprise Manager Data Collector (Johnson Controls) firmware prior to 3.2.5.75 is affected. The ICS/NVD entries describe two related issues: (1) Improper authentication (CWE-287) where API calls may not require authentication, and (2) exposure of sensitive information to an unauthorized...
CVE-2023-2025 Exposure of Sensitive Information in OpenBlue Enterprise Manager Data Collector
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances...
CVE-2023-2024 Improper Authentication for OpenBlue Enterprise Manager Data Collector
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allows access to an unauthorized user under certain circumstances...
CVE-2023-2024
OpenBlue Enterprise Manager Data Collector (Johnson Controls) is affected when running firmware versions prior to 3.2.5.75. The vulnerability is described as improper authentication, allowing an unauthorized user to perform API calls under certain circumstances. The advisory details indicate that...