← Back to home
ICSA-21-357-02  ·  Published 2021-12-23  ·  View on CISA ICS-CERT ↗

Johnson Controls exacq Enterprise Manager

CVSS 10.0 CRITICAL CISA KEV — Known Exploited

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to enter malicious input resulting in remote code execution.

CVEs (1)

Remediations

  • Johnson Controls recommends upgrading exacq Enterprise Manager to Version 21.12.1 or apply manual mitigation steps (available upon request).
  • Refer to the exacq Hardening Guide for guidance on isolating exacqVision NVRs and Enterprise Manager from public facing networks to reduce network exposure to attacks.
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2021-24 v1
  • Further ICS security notices and product security guidance are located at Johnson Controls product security website.

Affected Vendors

Exacq Technologies, Johnson Controls Inc.

Affected Products (1)

Exacq Technologies, Johnson Controls Inc. · Exacq Enterprise Manager <= 21.12

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more