← Back to home
ICSA-21-049-01  ·  Published 2021-02-18  ·  View on CISA ICS-CERT ↗

Johnson Controls Metasys Reporting Engine (MRE) Web Services

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to access and download arbitrary files from the system.

CVEs (1)

Remediations

  • Johnson Controls recommends users upgrade to MRE v2.2 or later. Users with licenses for MRE should contact their local branch office for remediation.
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2021-02

Affected Vendors

Johnson Controls Inc

Affected Products (2)

Johnson Controls Inc · Metasys Reporting Engine (MRE) 2.1
Johnson Controls Inc · Metasys Reporting Engine (MRE) 2

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more