ICSA-22-104-02  ·  Published 2022-04-14

Johnson Controls Metasys

CVSS 8.1 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a remote attacker to use the session token of an authenticated user, because the token is not cleared when that user logs out.

CVEs (1)

Remediations

  • Update all Metasys ADS/ADX/OAS Servers running Version 10 with patch 10.1.5
  • Update all Metasys ADS/ADX/OAS Servers running Version 11 with patch 11.0.2
  • For more detailed mitigation instructions, see Johnson Controls Product Security Advisory JCI-PSA-2022-06 v1

Affected Vendors

Johnson Controls Inc

Affected Products (1)

Johnson Controls Inc · All Metasys ADS/ADX/OAS Servers, Versions 10 and 11

Affected Sectors

Critical Manufacturing
