ICSA-22-202-02  ·  Published 2022-07-21

Johnson Controls Metasys ADS, ADX, OAS

CVSS 5.3 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an unauthenticated user to access the Metasys web API and enumerate users.

CVEs (1)

Remediations

  • Metasys ADS/ADX/OAS 10: Update with patch 10.1.6
  • Metasys ADS/ADX/OAS 11: Update with patch 11.0.2
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2022-04 v1.

Affected Vendors

Johnson Controls Inc

Affected Products (2)

Johnson Controls Inc · Johnson Controls Metasys ADS ADX OAS with MUI 11
Johnson Controls Inc · Johnson Controls Metasys ADS ADX OAS with MUI 10

Affected Sectors

Critical Manufacturing
