ICSA-24-191-05  ·  Published 2025-07-17

Johnson Controls Inc. Software House C●CURE 9000 (Update B)

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application.

CVEs (1)

Remediations

Johnson Controls, Inc. recommends the following:

  • Remove Full control and Write permissions.
  • For non-administrator accounts, limit permissions to Read & Execute on the following path: C:\CouchDB\bin
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2024-11 v3 at the following location: https://www.johnsoncontrols.com/cyber-solutions/security-advisories
  • Aligning with CISA recommendations, Johnson Controls recommends taking steps to minimize risks to all building automation systems.
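
One way to verify the permission change on a Site Server, as an added example (not code from Johnson Controls or CISA): a read-only PowerShell audit that lists every Allow entry under C:\CouchDB\bin granting write-capable rights to a principal outside an administrator allow list. The allow list of SIDs, the function name `Get-NonAdminWriteAce`, and the decision to also check files and subfolders below the path are assumptions of this example.

```powershell
$Path = 'C:\CouchDB\bin'   # path named in the advisory

# Assumption: only these well-known SIDs count as administrator-level principals.
$AdminSids = @(
    'S-1-5-32-544'   # BUILTIN\Administrators
    'S-1-5-18'       # NT AUTHORITY\SYSTEM
)

# Any right that lets a principal change content or permissions, plus the raw
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits that inherit-only
# entries can carry and that do not print as named FileSystemRights.
$named = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = ([int]$named) -bor 0x50000000

function Get-NonAdminWriteAce {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $acl = Get-Acl -LiteralPath $LiteralPath
    # Request SIDs instead of account names so the check is locale-independent.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($AdminSids -contains $ace.IdentityReference.Value) { continue }
        if ((([int]$ace.FileSystemRights) -band $WriteMask) -eq 0) { continue }

        # Resolve the SID for display; fall back to the raw SID if it cannot be resolved.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }

        [pscustomobject]@{
            Path      = $LiteralPath
            Identity  = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Check the directory itself and everything below it, since individual files
# can carry explicit entries that differ from the folder's.
$targets  = @($Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force | ForEach-Object FullName)
$findings = foreach ($t in $targets) { Get-NonAdminWriteAce -LiteralPath $t }

if ($findings) { $findings | Format-Table -AutoSize }
else           { "No non-administrator write access found under $Path" }
```

Entries reported with `Inherited = True` have to be corrected on the parent folder (or by disabling inheritance on the path), not on the item itself.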

Affected Vendors

Johnson Controls Inc.

Affected Products (1)

Johnson Controls Inc. · Software House C●CURE 9000 Site Server <=2.80

Affected Sectors

Critical Manufacturing, Commercial Facilities, Government Facilities, Transportation Systems, Energy
