ICSA-21-147-02
·
Published 2021-05-27
·
View on CISA ICS-CERT ↗
Johnson Controls Sensormatic Electronics VideoEdge
CVSS 7.8
HIGH
CISA KEV — Known Exploited
Risk Summary
Under specific circumstances, a local authenticated user may be able to exploit this vulnerability to gain administrative access.
CVEs (1)
Remediations
- Johnson Controls recommends users upgrade to the latest VideoEdge release (currently 5.7.0). If this is not possible, a sudo patch is available from the American Dynamics website for VideoEdge 5.4.2 and 5.6.0. VideoEdge 5.4.1 and older cannot be patched and should be upgraded.
- American Dynamics is a Johnson Controls brand. Users may contact American Dynamics technical support for assistance with updating their operating system. https://www.americandynamics.net/Support
Affected Vendors
Sensormatic Electronics, LLC, Johnson Controls Inc.
Affected Products (1)
Sensormatic Electronics, LLC, Johnson Controls Inc.
·
VideoEdge
< 5.7.0
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more