ICSA-21-280-03  ·  Published 2021-10-07

Johnson Controls exacqVision

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an unauthenticated remote user to exploit an integer overflow in the exacqVision Server with a specially crafted script and cause a denial-of-service condition.

CVEs (1)

Remediations

  • Upgrade exacqVision Server 32-bit to Version 21.09 or upgrade to exacqVision Server 64-bit.
  • Current users can obtain the critical software update from the software download location.
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2021-18v1.
  • Further ICS security notices and product security guidance are located at the Johnson Controls product security website.

Affected Vendors

Exacq Technologies, Johnson Controls Inc.

Affected Products (1)

Exacq Technologies, Johnson Controls Inc. · exacqVision Server 32-bit <= 21.06.11.0

Affected Sectors

Critical Manufacturing
