Johnson Controls, Inc. ICS Security Advisories
42 CISA ICS-CERT advisories published for Johnson Controls, Inc. industrial control system products. Data updated every 2 hours.
7 Critical · 19 High · 15 Medium · 1 Low
| Severity | CVSS | Advisory | Products | Published |
|---|---|---|---|---|
| HIGH | 7.6 | Johnson Controls PowerG, IQPanel and IQHub (Update A) · ICSA-25-350-02 · 4 CVEs | PowerG, IQHub, IQPanel 2 +2 more | 2026-03-05 |
| CRITICAL | 9.1 | Johnson Controls, Inc. Frick Controls Quantum HD · ICSA-26-057-01 · 6 CVEs | Frick Controls Quantum HD | 2026-02-26 |
| HIGH | 7.1 | Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool · ICSA-26-022-04 · 1 CVE | iSTAR Configuration Utility (ICU) tool | 2026-01-22 |
| HIGH | 8.8 | Johnson Controls iSTAR · ICSA-25-345-01 · 2 CVEs | iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2 +2 more | 2025-12-11 |
| HIGH | 7.7 | Johnson Controls FX Server, FX80 and FX90 (Update A) · ICSA-25-219-02 · 1 CVE | FX80, FX80, FX90 +3 more | 2025-12-04 |
| CRITICAL | 9.3 | Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace · ICSA-25-338-03 · 1 CVE | OpenBlue Mobile Web Application for OpenBlue Workplace | 2025-12-04 |
| MEDIUM | 6.5 | Johnson Controls iSTAR · ICSA-25-338-04 · 1 CVE | iSTAR eX, iSTAR Edge, iSTAR Ultra LT (if in TLS 1.2) +2 more | 2025-12-04 |
| CRITICAL | 9.1 | Johnson Controls Software House iStar Door Controller (Update A) · ICSA-24-158-04 · 1 CVE | Software House iStar Pro, Edge and eX door controllers, Software House iStar Ultra and Ultra LT door controllers, iSTAR Configuration Utility (ICU) Tool | 2025-07-29 |
| HIGH | 7.8 | Johnson Controls Inc. Software House C●CURE 9000 (Update B) · ICSA-24-191-05 · 1 CVE | Software House C●CURE 9000 Site Server | 2025-07-17 |
| HIGH | 7.4 | Johnson Controls iSTAR Configuration Utility (ICU) tool · ICSA-25-146-01 · 1 CVE | ICU | 2025-05-27 |
| CRITICAL | 9.8 | Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool · ICSA-25-114-05 · 1 CVE | ICU | 2025-05-06 |
| HIGH | 8.3 | Johnson Controls exacqVision client and exacqVision server · ICSA-24-214-01 · 1 CVE | exacqVision client, exacqVision server | 2024-08-01 |
| MEDIUM | 6.8 | Johnson Controls exacqVision Server web service · ICSA-24-214-02 · 1 CVE | exacqVision Web Service | 2024-08-01 |
| MEDIUM | 6.8 | Johnson Controls exacqVision Web Service · ICSA-24-214-03 · 1 CVE | exacqVision Web Service | 2024-08-01 |
| MEDIUM | 6.4 | Johnson Controls exacqVision Web Service · ICSA-24-214-04 · 1 CVE | exacqVision Web Service | 2024-08-01 |
| MEDIUM | 6.4 | Johnson Controls exacqVision Server · ICSA-24-214-05 · 1 CVE | exacqVision Server | 2024-08-01 |
| MEDIUM | 5.7 | Johnson Controls exacqVision Web Service · ICSA-24-214-06 · 1 CVE | exacqVision Web Service | 2024-08-01 |
| HIGH | 8.8 | Johnson Controls Inc. Software House C●CURE 9000 · ICSA-24-191-04 · 1 CVE | Software House C●CURE 9000 | 2024-07-09 |
| CRITICAL | 9.1 | Johnson Controls Illustra Essentials Gen 4 (Update A) · ICSA-24-179-04 · 1 CVE | Illustra Essentials Gen 4 | 2024-07-02 |
| MEDIUM | 6.8 | Johnson Controls Illustra Essentials Gen 4 (Update A) · ICSA-24-179-05 · 1 CVE | Illustra Essentials Gen 4 | 2024-07-02 |
| MEDIUM | 6.8 | Johnson Controls Illustra Essentials Gen 4 (Update A) · ICSA-24-179-06 · 1 CVE | Illustra Essential Gen 4 | 2024-07-02 |
| MEDIUM | 6.8 | Johnson Controls Illustra Essentials Gen 4 (Update A) · ICSA-24-179-07 · 1 CVE | Illustra Essential Gen 4 | 2024-07-02 |
| LOW | 3.1 | Johnson Controls Kantech Door Controllers · ICSA-24-184-01 · 1 CVE | Kantech KT1 Door Controller, Rev01, Kantech KT2 Door Controller, Rev01, Kantech KT400 Door Controller, Rev01 | 2024-07-02 |
| CRITICAL | 10.0 | Johnson Controls Quantum HD Unity · ICSA-23-313-01 · 1 CVE | Quantum HD Unity Compressor control panels (Q5), Quantum HD Unity Compressor control panels (Q6), Quantum HD Unity AcuAir control panels (Q5) +9 more | 2023-11-09 |
| HIGH | 8.3 | Johnson Controls IQ Wifi 6 · ICSA-23-206-04 · 1 CVE | IQ Wifi 6 Firmware | 2023-07-25 |
| CRITICAL | 10.0 | Johnson Controls OpenBlue Enterprise Manager Data Collector · ICSA-23-138-04 · 2 CVEs | OpenBlue Enterprise Manager Data Collector | 2023-05-22 |
| HIGH | 8.1 | Johnson Controls Metasys ADX Server · ICSA-22-277-01 · 1 CVE | Metasys ADX Server | 2022-10-04 |
| MEDIUM | 5.3 | Johnson Controls Metasys ADS, ADX, OAS · ICSA-22-202-02 · 1 CVE | Johnson Controls Metasys ADS ADX OAS with MUI, Johnson Controls Metasys ADS ADX OAS with MUI | 2022-07-21 |
| HIGH | 8.7 | Johnson Controls Metasys ADS ADX OAS Servers · ICSA-22-165-01 · 3 CVEs | All Metasys ADS/ADX/OAS | 2022-06-14 |
| HIGH | 8.0 | Johnson Controls Metasys · ICSA-22-125-01 · 1 CVE | Metasys ADS/ADX/OAS Servers | 2022-05-05 |
| HIGH | 8.8 | Johnson Controls Metasys · ICSA-22-118-01 · 1 CVE | All Metasys ADS/ADX/OAS Servers | 2022-04-28 |
| MEDIUM | 5.3 | Johnson Controls Metasys SCT Pro · ICSA-22-111-02 · 1 CVE | Metasys System Configuration Tool (SCT), Metasys System Configuration Tool Pro (SCT Pro) | 2022-04-21 |
| HIGH | 8.1 | Johnson Controls Metasys · ICSA-22-104-02 · 1 CVE | All Metasys ADS/ADX/OAS Servers | 2022-04-14 |
| HIGH | 8.4 | Johnson Controls Metasys · ICSA-22-095-02 · 1 CVE | Metasys ADS/ADX/OAS | 2022-04-05 |
| HIGH | 8.8 | Johnson Controls Facility Explorer · ICSA-21-182-01 · 1 CVE | Facility Explorer SNC Series Supervisory Controller | 2021-07-01 |
| HIGH | 8.8 | Johnson Controls Metasys · ICSA-21-159-01 · 1 CVE | Metasys | 2021-06-08 |
| HIGH | 7.5 | Johnson Controls Metasys Reporting Engine (MRE) Web Services · ICSA-21-049-01 · 1 CVE | Metasys Reporting Engine (MRE), Metasys Reporting Engine (MRE) | 2021-02-18 |
| HIGH | 7.5 | Johnson Controls Metasys · ICSA-20-070-05 · 1 CVE | LonWorks Control Server (LCS), Open Application Server (OAS), Extended Application and Data Server (ADX) +7 more | 2020-03-10 |
| MEDIUM | 6.8 | Johnson Controls Metasys · ICSA-19-227-01 · 2 CVEs | Metasys system | 2019-08-15 |
| MEDIUM | 6.7 | Johnson Controls exacqVision Enterprise System Manager · ICSA-19-164-01 · 1 CVE | exacqVision ESM | 2019-06-13 |
| MEDIUM | 6.6 | Johnson Controls Facility Explorer · ICSA-19-022-01 · 1 CVE | Facility Explorer, Facility Explorer | 2019-01-22 |
| MEDIUM | 4.3 | Johnson Controls Metasys and BCPro · ICSA-18-212-02 · 1 CVE | BCPro (BCM), Metasys System | 2018-07-31 |