ICSA-26-125-05
·
Published 2026-05-05
·
View on CISA ICS-CERT ↗
Johnson Controls CEM AC2000
CVSS 8.7
HIGH
Risk Summary
Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine.
CVEs (1)
Remediations
- Johnson Controls recommends users apply the following mitigations:
- Upgrade CEM AC 2000 12.0 to 12.0 Release 10.
- Upgrade CEM AC 2000 11.0 to 11.0 Release 9.
- Upgrade CEM AC 2000 10.6 to 10.6 Release 3.
- For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory.
Affected Vendors
Johnson Controls Inc.
Affected Products (3)
Johnson Controls Inc.
·
CEM AC2000
12.0
Johnson Controls Inc.
·
CEM AC2000
11.0
Johnson Controls Inc.
·
CEM AC2000
10.6
Affected Sectors
Critical Manufacturing, Commercial Facilities, Government Services and Facilities, Transportation Systems, Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more