ICSA-21-245-01
·
Published 2021-09-02
·
View on CISA ICS-CERT ↗
Johnson Controls Sensormatic Electronics Illustra
CVSS 7.8
HIGH
CISA KEV — Known Exploited
Risk Summary
Successful exploitation of this vulnerability could allow a local attacker to obtain super user access to the underlying Linux operating system.
CVEs (1)
Remediations
- Pro Gen 3: upgrade to Version 2.8.0
- Flex Gen 2: upgrade to Version 1.9.4
- Pro 2 is EOL
- Insight, upgrade to Version 1.4.0
- For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2021-13
- Johnson Controls recommends taking steps to minimize risks to all building automation systems.
Affected Vendors
Sensormatic Electronics, LLC, Johnson Controls Inc.
Affected Products (4)
Sensormatic Electronics, LLC, Johnson Controls Inc.
·
Insight
< 1.4.0
Sensormatic Electronics, LLC, Johnson Controls Inc.
·
Pro 2
vers:all/*
Sensormatic Electronics, LLC, Johnson Controls Inc.
·
Flex Gen 2
< 1.9.4
Sensormatic Electronics, LLC, Johnson Controls Inc.
·
Pro Gen 3
< 2.8.0
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more