← Back to home
ICSA-22-095-02  ·  Published 2022-04-05  ·  View on CISA ICS-CERT ↗

Johnson Controls Metasys

CVSS 8.4 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an authenticated attacker to inject malicious code into the MUI PDF export feature.

CVEs (1)

Remediations

  • Johnson Controls recommends upgrading to the current version of Metasys
  • Update Metasys ADS/ADX/OAS Version 10 with patch 10.1.5
  • Update Metasys ADS/ADX/OAS Version 11 with patch 11.0.2
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2022-02 v1

Affected Vendors

Johnson Controls Inc

Affected Products (1)

Johnson Controls Inc · Metasys ADS/ADX/OAS 10 | 11

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more