← Back to home
ICSA-22-277-01  ·  Published 2022-10-04  ·  View on CISA ICS-CERT ↗

Johnson Controls Metasys ADX Server

CVSS 8.1 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an Active Directory user to execute validated actions without providing a valid password.

CVEs (1)

Remediations

  • Johnson Controls recommends users update Metasys ADX Server version 12.0 running MVE with patch 12.0.1. Users should contact Johnson Controls or Authorized Building Control Specialists (ABCS) for more information.
  • For more detailed mitigation instructions, users should see Johnson Controls Product Security Advisory JCI-PSA-2022-11 at the following location:

Affected Vendors

Johnson Controls Inc

Affected Products (1)

Johnson Controls Inc · Metasys ADX Server 12.0

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more