Latest Johnsoncontrols Vulnerabilities

CVE-2024-0242
Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub
Johnsoncontrols Qolsys Iq Panel 4 Firmware<4.4.2
Johnsoncontrols Qolsys Iq Panel 4
Johnsoncontrols Qolsys Iq4 Hub Firmware<4.4.2
Johnsoncontrols Qolsys Iq4 Hub
CVE-2023-0248
Kantech Gen1 ioSmart card reader
Johnsoncontrols Iosmart Gen 1 Firmware<1.07.02
Johnsoncontrols Iosmart Gen 1
CVE-2023-4486
Uncontrolled Resource Consumption in Metasys and Facility Explorer
Johnsoncontrols Nae55 Firmware<12.0.4
Johnsoncontrols Nae55
Johnsoncontrols Sne22000 Firmware<12.0.4
Johnsoncontrols Sne22000
Johnsoncontrols Sne11000 Firmware<12.0.4
Johnsoncontrols Sne11000
and 15 more
CVE-2023-4804
Quantum HD Unity
Johnsoncontrols Quantum Hd Unity Compressor Firmware>=11.00<11.22
Johnsoncontrols Quantum Hd Unity Compressor Firmware>=12.00<12.22
Johnsoncontrols Quantum Hd Unity Compressor
Johnsoncontrols Quantum Hd Unity Acuair Firmware>=11.00<11.12
Johnsoncontrols Quantum Hd Unity Acuair Firmware>=12.00<12.12
Johnsoncontrols Quantum Hd Unity Acuair
and 12 more
CVE-2023-3749
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.
Johnsoncontrols Videoedge<6.1.1
Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​VideoEdge<6.1.1
CVE-2023-3548
An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.
Johnsoncontrols Iq Wifi 6 Firmware<2.0.2
Johnsoncontrols Iq Wifi 6
: Johnson Controls Inc. IQ Wifi 6: All firmware versions prior to 2.0.2
CVE-2023-3127
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.
Johnsoncontrols Istar Ultra Firmware>=6.8.6<6.9.2
Johnsoncontrols Istar Ultra Firmware=6.9.2
Johnsoncontrols Istar Ultra
Johnsoncontrols Istar Ultra Lt Firmware>=6.8.6<6.9.2
Johnsoncontrols Istar Ultra Lt Firmware=6.9.2
Johnsoncontrols Istar Ultra Lt
and 8 more
CVE-2023-0954
A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.
Johnsoncontrols Illustra Pro Gen 4 Dome Firmware<=ss016.05.09.04.0006
Johnsoncontrols Illustra Pro Gen 4 Dome
Johnsoncontrols Illustra Pro Gen 4 Ptz Firmware<=ss010.05.09.04.0022
Johnsoncontrols Illustra Pro Gen 4 Ptz
Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. ​Pro Gen 4 Dome: Up to and including Illustra.SS016.05.09.04.0006
Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. ​Pro Gen 4 PTZ: Up to and including Illustra.SS010.05.09.04.0022
CVE-2023-2025
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.
Johnsoncontrols Openblue Enterprise Manager Data Collector<3.2.5.75
Johnson Controls Inc. OpenBlue Enterprise Manager Data Collector: Firmware versions prior to 3.2.5.75
CVE-2023-2024
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.
Johnsoncontrols Openblue Enterprise Manager Data Collector<3.2.5.75
Johnson Controls Inc. OpenBlue Enterprise Manager Data Collector: Firmware versions prior to 3.2.5.75
CVE-2022-21940
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow acc...
Johnsoncontrols Metasys System Configuration Tool>=14.0<14.2.3
Johnsoncontrols Metasys System Configuration Tool>=15.0<15.0.3
CVE-2022-21939
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
Johnsoncontrols Metasys System Configuration Tool>=14.0<14.2.3
Johnsoncontrols Metasys System Configuration Tool>=15.0<15.0.3
CVE-2021-36204
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to e...
Johnsoncontrols Metasys Application And Data Server>=10.0<10.1.6
Johnsoncontrols Metasys Application And Data Server>=11.0<11.0.3
Johnsoncontrols Metasys Extended Application And Data Server>=10.0<10.1.6
Johnsoncontrols Metasys Extended Application And Data Server>=11.0<11.0.3
Johnsoncontrols Metasys Open Application Server>=10.0<10.1.6
Johnsoncontrols Metasys Open Application Server>=11.0<11.0.3
CVE-2021-36206
All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.
Johnsoncontrols Cevas<1.01.46
CVE-2021-36201
Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.
Johnsoncontrols C-cure 9000 Firmware<=2.90
Johnsoncontrols C-cure 9000
CVE-2022-21936
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.
Johnsoncontrols Metasys Extended Application And Data Server=12.0
Johnsoncontrols Metasys For Validated Environments
CVE-2022-21941
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.
Johnsoncontrols Istar Ultra Firmware<6.8.9.cu01
Johnsoncontrols Istar Ultra
CVE-2021-36200
Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.
Johnsoncontrols Metasys Application And Data Server>=10.0<10.1.6
Johnsoncontrols Metasys Application And Data Server>=11.0<11.0.2
Johnsoncontrols Metasys Extended Application And Data Server>=10.0<10.1.6
Johnsoncontrols Metasys Extended Application And Data Server>=11.0<11.0.2
Johnsoncontrols Metasys Open Application Server>=10.0<10.1.6
Johnsoncontrols Metasys Open Application Server>=11.0<11.0.2
CVE-2022-21938
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the...
Johnsoncontrols Metasys Application And Data Server>=10.0<=10.1.5
Johnsoncontrols Metasys Application And Data Server=11.0
Johnsoncontrols Metasys Application And Data Server=11.0.1
Johnsoncontrols Metasys Extended Application And Data Server>=10.0<=10.1.5
Johnsoncontrols Metasys Extended Application And Data Server=11.0
Johnsoncontrols Metasys Extended Application And Data Server=11.0.1
and 3 more
CVE-2022-21937
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the...
Johnsoncontrols Metasys Application And Data Server>=10.0<=10.1.5
Johnsoncontrols Metasys Application And Data Server=11.0
Johnsoncontrols Metasys Application And Data Server=11.0.1
Johnsoncontrols Metasys Extended Application And Data Server>=10.0<=10.1.5
Johnsoncontrols Metasys Extended Application And Data Server=11.0
Johnsoncontrols Metasys Extended Application And Data Server=11.0.1
and 3 more
CVE-2022-21934
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS...
Johnsoncontrols Metasys Application And Data Server>=10.0<10.1.5
Johnsoncontrols Metasys Application And Data Server>=11.0<11.0.2
Johnsoncontrols Metasys Extended Application And Data Server>=10.0<10.1.5
Johnsoncontrols Metasys Extended Application And Data Server>=11.0<11.0.2
Johnsoncontrols Metasys Open Application Server>=10.0<10.1.5
Johnsoncontrols Metasys Open Application Server>=11.0<11.0.2
CVE-2021-36203
Johnsoncontrols Metasys System Configuration Tool<14.2.2
Johnsoncontrols Metasys System Configuration Tool<14.2.2
CVE-2021-36205
Under certain circumstances the session token is not cleared on logout.
Johnsoncontrols Metasys Application And Data Server>=10.0<10.1.5
Johnsoncontrols Metasys Application And Data Server>=11.0<11.0.2
Johnsoncontrols Metasys Extended Application And Data Server>=10.0<10.1.5
Johnsoncontrols Metasys Extended Application And Data Server>=11.0<11.0.2
Johnsoncontrols Metasys Open Application Server>=10.0<10.1.5
Johnsoncontrols Metasys Open Application Server>=11.0<11.0.2
CVE-2022-26643
Johnsoncontrols Easyio Cpt Graphics=0.8
CVE-2021-36202
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson...
Johnsoncontrols Metasys Application And Data Server>=10.0<10.1.5
Johnsoncontrols Metasys Application And Data Server>=11.0<11.0.2
Johnsoncontrols Metasys Extended Application And Data Server>=10.0<10.1.5
Johnsoncontrols Metasys Extended Application And Data Server>=11.0<11.0.2
Johnsoncontrols Metasys Open Application Server>=10.0<10.1.5
Johnsoncontrols Metasys Open Application Server>=11.0<11.0.2
CVE-2021-36199
Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.
Johnsoncontrols Videoedge>=5.4.1<=5.7.1
CVE-2021-36198
Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data.
Johnsoncontrols Kantech Entrapass<8.40
CVE-2021-27665
An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.
Johnsoncontrols Exacqvision Server<=21.06.11.0
CVE-2021-27664
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
Johnsoncontrols Exacqvision Web Service<=20.06.11.0
CVE-2021-27662
The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and incl...
Johnsoncontrols Kantech Kt-1 Door Controller Firmware<=3.01
Johnsoncontrols Kantech Kt-1 Door Controller
CVE-2021-27663
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Contro...
Johnsoncontrols Ac2000 Firmware>=10.1<=10.5
Johnsoncontrols Ac2000
CVE-2021-27661
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file syste...
Johnsoncontrols F4-snc Firmware=11
Johnsoncontrols F4-snc
CVE-2021-27660
An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs.
Johnsoncontrols C-cure 9000 Firmware<2.80
Johnsoncontrols C-cure 9000
CVE-2021-27658
exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to ot...
Johnsoncontrols Exacqvision Enterprise Manager<=20.12
CVE-2021-27657
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sendin...
Johnsoncontrols Metasys<=11.0
CVE-2021-27656
A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.
Johnsoncontrols Exacqvision Web Service<=20.12.2.0
CVE-2020-9050
Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.
Johnsoncontrols Metasys Reporting Engine=2.0
Johnsoncontrols Metasys Reporting Engine=2.1
CVE-2020-9049
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JS...
Johnsoncontrols C-cure Web<=2.90
Johnsoncontrols Victor Web<=5.6
CVE-2020-9048
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files ...
Johnsoncontrols Victor Web Client<=5.4.1
Tyco C-cure Web Client<=2.80
CVE-2020-9046
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifical...
Johnsoncontrols Kantech Entrapass<=8.22
Johnsoncontrols Kantech Entrapass<=8.22
Johnsoncontrols Kantech Entrapass<=8.22
CVE-2020-9045
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade ar...
Tyco Victor Video Management System=5.2
Johnsoncontrols C-cure 9000 Firmware=2.70
CVE-2020-9044
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys App...
Johnsoncontrols Metasys Application And Data Server<=10.1
Johnsoncontrols Metasys Application And Data Server<=10.1
Johnsoncontrols Metasys Extended Application And Data Server<=10.1
Johnsoncontrols Metasys Lonworks Control Server<=10.1
Johnsoncontrols Metasys Open Application Server=10.1
Johnsoncontrols Metasys Open Data Server<=10.1
and 28 more
CVE-2019-7593
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).
Johnsoncontrols Metasys System<9.0
CVE-2019-7594
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
Johnsoncontrols Metasys System<9.0
CVE-2019-7590
ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it poten...
Johnsoncontrols Exacqvision Server=9.6
Johnsoncontrols Exacqvision Server=9.8
CVE-2018-10624
Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information
Johnsoncontrols Bcpro<3.0.2
Johnsoncontrols Metasys System<=8.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203