First published: Thu May 18 2023
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allows access to an unauthorized user under certain circumstances.
Credit: productsecurity@jci.com
Affected Software | Affected Version | How to fix |
---|---|---|
Johnsoncontrols Openblue Enterprise Manager Data Collector | <3.2.5.75 | |
Johnson Controls Inc. OpenBlue Enterprise Manager Data Collector: Firmware versions prior to 3.2.5.75 | | |
Update all OpenBlue Enterprise Manager Data Collector firmware to version 3.2.5.75.
Contact your Customer Success Manager to obtain the update.
CVE-2023-2024 is a vulnerability that allows unauthorized access to OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75.
CVE-2023-2024 has a severity rating of critical with a CVSS score of 7.5.
CVE-2023-2024 allows access to an unauthorized user in certain circumstances.
To mitigate CVE-2023-2024, update OpenBlue Enterprise Manager Data Collector to version 3.2.5.75 or later.
You can find more information about CVE-2023-2024 on the CISA website and the Johnson Controls security advisories.