← Back to home
ICSA-22-125-01  ·  Published 2022-05-05  ·  View on CISA ICS-CERT ↗

Johnson Controls Metasys

CVSS 8.0 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an authenticated user to lock other users out of the system and take over their accounts.

CVEs (1)

Remediations

  • Update all v10 Metasys ADS/ADX/OAS: with patch 10.1.5
  • Update all v11 Metasys ADS/ADX/OAS: with patch 11.0.2
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2022-09 v1. Johnson Controls also recommends users take steps to minimize risks to all building automation systems.

Affected Vendors

Johnson Controls Inc

Affected Products (1)

Johnson Controls Inc · Metasys ADS/ADX/OAS Servers 10 | 11

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more