ICSA-24-214-03 · Published 2024-08-01 · View on CISA ICS-CERT ↗

Johnson Controls exacqVision Web Service

CVSS 6.8 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to perform state-changing operations with administrative privileges.

CVE-2024-32863

Johnson Controls recommends that users update exacqVision Web Service to version 24.06.
For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2024-16.

Johnson Controls, Inc.

Johnson Controls, Inc. · exacqVision Web Service <=24.03

Critical Manufacturing, Commercial Facilities, Government Facilities, Transportation Systems, Energy

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.