ICSA-18-212-02
Published 2018-07-31
Johnson Controls Metasys and BCPro
CVSS 4.3 (MEDIUM)
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to obtain technical information about the Metasys or BCPro server, which could then be used to target the system for attack.
CVEs (1)
Remediations
- This issue was remediated in Metasys v8.1 (April 2016). Users should upgrade to the latest product version (9.0). For Metasys information, contact your Metasys field service/sales representative.
- This issue was remediated in the BCPro Workstation in BCPro v3.0 (October 2017) and mitigated for the BACnet Router and Gateway in BCPro v3.0.2 (June 2018). Users should upgrade to the latest product versions. For more BCPro information, contact your BCPro sales and support representative.
- Product security contact information, Building Automation System hardening, and security resources are located at our product security website http://www.johnsoncontrols.com/buildings/specialty-pages/product-security
- Contact information: Johnson Controls Global Product Security at [email protected]
Affected Vendors
Johnson Controls Inc
Affected Products (2)
- Johnson Controls Inc: BCPro (BCM), versions < 3.0.2
- Johnson Controls Inc: Metasys System, versions <= 8.0
Affected Sectors
Critical Manufacturing