ICSA-24-179-05 · Published 2024-07-02 · View on CISA ICS-CERT ↗

Johnson Controls Illustra Essentials Gen 4 (Update A)

CVSS 6.8 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an authenticated user to recover credentials for other Linux users.

CVE-2024-32756

Johnson Controls recommends that users upgrade cameras to Illustra.Ess4.01.02.13.6953. For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2024-07 v1.
Aligning with CISA recommendations, Johnson Controls recommends taking steps to minimize risks to all building automation systems.
CISA provides a section for control systems security recommended practices on the ICS web page on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Further ICS security notices and product security guidance are located at Johnson Controls' product security website
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Johnson Controls, Inc.

Johnson Controls, Inc. · Illustra Essentials Gen 4 <=Illustra.Ess4.01.02.10.5982

Critical Manufacturing, Commercial Facilities, Government Facilities, Transportation Systems, Energy

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.