← Back to home
ICSA-23-012-06  ·  Published 2023-01-12  ·  View on CISA ICS-CERT ↗

Johnson Controls Metasys

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could result in exposed credentials in plain text to unauthenticated users.

CVEs (1)

Remediations

  • Metasys ADS/ADX/OAS Version 10.X: update to patch 10.1.6
  • Metasys ADS/ADX/OAS Version 11.X: update to patch 11.0.3
  • Users should contact Johnson Controls or Authorized Building Control Specialists (ABCS) for information on obtaining and applying the patches.
  • For more detailed mitigation instructions, users should see Johnson Controls Product Security Advisory JCI-PSA-2022-05 v1 listed on the advisory page.

Affected Vendors

Johnson Controls

Affected Products (2)

Johnson Controls · Metasys ADS/ADX/OAS Servers < 10.1.6
Johnson Controls · Metasys ADS/ADX/OAS Servers < 11.0.3

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more