CVE-2021-27663
Johnson Controls CEM Systems AC2000 is affected for versions 10.1–10.5. The issue is improper authorization that can allow a remote attacker to access the system without adequate authentication. Affected component is the AC2000 application (and related API/SSO context per ICS evidence). Impact is...