← Back to home
ICSA-23-040-03  ·  Published 2023-02-09  ·  View on CISA ICS-CERT ↗

Johnson Controls System Configuration Tool (SCT)

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to access cookies and take over the user's session.

CVEs (2)

Remediations

  • Johnson Controls recommends users take the following actions to mitigate the vulnerabilities.
  • Update SCT version 14 with patch 14.2.3
  • Update SCT version 15 with patch 15.0.3
  • Contact your local Johnson Controls office or Authorized Building Control Specialists (ABCS)
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2022-07 v1

Affected Vendors

Johnson Controls

Affected Products (2)

Johnson Controls · System Configuration Tool (SCT) version 14 < 14.2.3
Johnson Controls · System Configuration Tool (SCT) version 15 < 15.0.3

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more