← Back to home
ICSA-24-214-02  ·  Published 2024-08-01  ·  View on CISA ICS-CERT ↗

Johnson Controls exacqVision Server web service

CVSS 6.8 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to send an unauthorized request or access data from an untrusted domain.

CVEs (1)

Remediations

  • Johnson Controls recommends that users update exacqVision Web Service to version 24.06.
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2024-15
  • Aligning with CISA recommendations, Johnson Controls recommends taking steps to minimize risks to all building automation systems.

Affected Vendors

Johnson Controls Inc.

Affected Products (1)

Johnson Controls Inc. · exacqVision Web Service 22.12.1.0

Affected Sectors

Critical Manufacturing, Commercial Facilities, Government Facilities, Transportation Systems, Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more