ICSA-19-022-01
·
Published 2019-01-22
·
View on CISA ICS-CERT ↗
Johnson Controls Facility Explorer
CVSS 6.6
MEDIUM
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to read, write, and delete sensitive files to gain administrator privileges in the Facility Explorer system.
CVEs (1)
Remediations
- Johnson Controls has mitigated these vulnerabilities in the following versions. Users should upgrade to one of these product versions (FX14.6 recommended)
- Facility Explorer 14.6 (released September 2018)
- Facility Explorer 14.4u1 (released August 2018)
- Facility Explorer 6.6 (released August 2018)
- For more information, please refer to Johnson Controls Global Product Security at https://www.johnsoncontrols.com/buildings/specialty-pages/product-security or send an email to [email protected] Controls Services and Support: https://www.johnsoncontrols.com/buildings/hvac-controls
Affected Vendors
Johnson Controls Inc
Affected Products (2)
Johnson Controls Inc
·
Facility Explorer
< 6.6 (6.x series)
Johnson Controls Inc
·
Facility Explorer
< 14.4u1 (14.x series)
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more