ICSA-20-070-05 · Published 2020-03-10
Johnson Controls Metasys
CVSS 7.5 (HIGH)
Risk Summary
Successful exploitation of this vulnerability can allow a denial-of-service attack or disclosure of sensitive data.
CVEs (1)
Remediations
- Users should contact a branch office for remediation. For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2020-3 v1.
- For questions concerning this product, contact Johnson Controls Global Product Security; email: [email protected]
- Do not click web links or open unsolicited attachments in email messages.
- Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams: https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf
- Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks: https://www.us-cert.gov/ncas/tips/ST04-014
Affected Vendors
Johnson Controls Inc
Affected Products (10)
- Johnson Controls Inc · LonWorks Control Server (LCS): <= 10.1
- Johnson Controls Inc · Open Application Server (OAS): 10.1
- Johnson Controls Inc · Extended Application and Data Server (ADX): <= 10.1
- Johnson Controls Inc · NAE85 and NIE85: <= 10.1
- Johnson Controls Inc · Smoke Control Network Automation Engine (NAE55 UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed): 8.1
- Johnson Controls Inc · Application and Data Server (ADS ADS-Lite): <= 10.1
- Johnson Controls Inc · Open Data Server (ODS): <= 10.1
- Johnson Controls Inc · Network Automation Engine (NAE55 only): 9.0.1 | 9.0.2 | 9.0.3 | 9.0.5 | 9.0.6
- Johnson Controls Inc · Network Integration Engine (NIE55/NIE59): 9.0.1 | 9.0.2 | 9.0.3 | 9.0.5 | 9.0.6
- Johnson Controls Inc · System Configuration Tool (SCT): <= 13.2
Affected Sectors
Critical Manufacturing