ICSA-23-341-03 · Published 2023-12-19
Johnson Controls Metasys and Facility Explorer (Update A)
CVSS 7.5 (HIGH)
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service by sending invalid credentials.
CVEs (1)
Remediations
- Johnson Controls recommends users update the products to the latest versions:
  - Update Metasys NAE55 engines to version 11.0.6
  - Update Metasys NAE55 engines to version 12.0.4
  - Update Metasys SNE engines to version 11.0.6
  - Update Metasys SNE engines to version 12.0.4
  - Update Metasys SNC engines to version 11.0.6
  - Update Metasys SNC engines to version 12.0.4
  - Update Facility Explorer F4-SNC engine to version 11.0.6
  - Update Facility Explorer F4-SNC engine to version 12.0.4
- For more information, contact your local Johnson Controls office or Authorized Building Control Specialists (ABCS).
- For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2023-08 v2.
Affected Vendors
Johnson Controls
Affected Products (8)
- Johnson Controls · Metasys NAE55 engines · <11.0.6
- Johnson Controls · Metasys NAE55 engines · <12.0.4
- Johnson Controls · Metasys SNE engines · <11.0.6
- Johnson Controls · Metasys SNE engines · <12.0.4
- Johnson Controls · Metasys SNC engines · <11.0.6
- Johnson Controls · Metasys SNC engines · <12.0.4
- Johnson Controls · Facility Explorer F4-SNC · <11.0.6
- Johnson Controls · Facility Explorer F4-SNC · <12.0.4
Affected Sectors
Critical Manufacturing