Vulnerabilities > Johnsoncontrols
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-01 | CVE-2024-32758 | Inadequate Encryption Strength vulnerability in Johnsoncontrols Exacqvision Client and Exacqvision Server Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange | 7.5 |
| 2024-08-01 | CVE-2024-32862 | Incorrect Comparison vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0/21.03 Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains. | 8.1 |
| 2024-08-01 | CVE-2024-32865 | Improper Certificate Validation vulnerability in Johnsoncontrols Exacqvision Server 21.06.11.0/9.6/9.8 Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices. | 7.3 |
| 2024-08-01 | CVE-2024-32931 | Unspecified vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0/21.03 Under certain circumstances the exacqVision Web Service can expose authentication token details within communications. | 5.7 |
| 2024-08-01 | CVE-2024-32863 | Cross-Site Request Forgery (CSRF) vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0/21.03 Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF) | 8.8 |
| 2024-08-01 | CVE-2024-32864 | Cleartext Transmission of Sensitive Information vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0/21.03 Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS) | 8.1 |
| 2024-06-06 | CVE-2024-0912 | Information Exposure Through Log Files vulnerability in Johnsoncontrols Software House C-Cure 9000 Siteserver 3.00.2 Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. | 4.2 |
| 2024-02-08 | CVE-2024-0242 | Unspecified vulnerability in Johnsoncontrols products Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | 9.8 |
| 2023-12-14 | CVE-2023-0248 | Memory Leak vulnerability in Johnsoncontrols Iosmart GEN 1 Firmware An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader. | 5.3 |
| 2023-12-07 | CVE-2023-4486 | Allocation of Resources Without Limits or Throttling vulnerability in Johnsoncontrols products Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. | 7.5 |