ICSA-24-135-03  ·  Published 2024-05-14

Johnson Controls Software House C●CURE 9000

CVSS 7.7 HIGH

Risk Summary

Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application.

CVEs (1)

Remediations

Johnson Controls recommends the following:

  • Update Software House C●CURE 9000 to version 3.00.2 CU02 or 3.00.3.
  • Change the password for the impacted Windows accounts.
  • Delete the api.log log file (or remove instances of passwords from the log file with a text editor) located at "C:\Program Files (x86)\Tyco\victorWebServices\victorWebsite\Logs".
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2024-04 v1.
  • Aligning with CISA recommendations, Johnson Controls recommends taking steps to minimize risks to all building automation systems.

Affected Vendors

Johnson Controls

Affected Products (1)

Johnson Controls · Software House C●CURE 9000 v3.00.2

Affected Sectors

Critical Manufacturing
