ICSA-22-298-05  ·  Published 2022-10-25

Johnson Controls CKS CEVAS

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.

CVEs (1)

Remediations

  • Johnson Controls recommends upgrading CEVAS to v1.01.46 by contacting CKS for assistance.
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2022-15 v1.

Affected Vendors

CKS, a subsidiary of Johnson Controls Inc.

Affected Products (1)

CKS, a subsidiary of Johnson Controls Inc. · CEVAS < 1.01.46

Affected Sectors

Critical Manufacturing
