ICSA-24-179-07
·
Published 2024-07-02
·
View on CISA ICS-CERT ↗
Johnson Controls Illustra Essentials Gen 4 (Update A)
CVSS 6.8
MEDIUM
Risk Summary
Successful exploitation of this vulnerability may allow web interface user's credentials to be recovered by an authenticated user.
CVEs (1)
Remediations
- Johnson Controls recommends that users upgrade cameras to Illustra.Ess4.01.02.13.6953. For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2024-08 v1
- Johnson Controls recommends taking steps to minimize risks to all building automation systems. Further ICS security notices and product security guidance are located at Johnson Controls product security website. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Affected Vendors
Johnson Controls, Inc.
Affected Products (1)
Johnson Controls, Inc.
·
Illustra Essential Gen 4
<=Illustra.Ess4.01.02.10.5982
Affected Sectors
Critical Manufacturing, Commercial Facilities, Government Facilities, Transportation Systems, Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more