ICSA-20-142-01
·
Published 2020-05-21
·
View on CISA ICS-CERT ↗
Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS
CVSS 9.9
CRITICAL
Risk Summary
Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application.
CVEs (1)
Remediations
- For Software House C•CURE 9000: Users should upgrade to Version 2.80 or later.
- For American Dynamics victor Video Management System: Users should upgrade to Version 5.3
- Delete the log files from c:\programdata\tyco\installertemp and change the password for the windows account.
- For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2020-4 v1
- For questions concerning this product, contact Johnson Controls Global Product Security; email: [email protected]
Affected Vendors
Sensormatic Electronics, LLC, Johnson Controls Inc.
Affected Products (2)
Sensormatic Electronics, LLC, Johnson Controls Inc.
·
American Dynamics victor Video Management System
5.2
Sensormatic Electronics, LLC, Johnson Controls Inc.
·
Software House C•CURE 9000
2.7
Affected Sectors
Commercial Facilities, Critical Manufacturing, Financial Services, Government Facilitates, Healthcare and Public Health, Transportation Systems
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more