Vulnerabilities > Johnsoncontrols

DATE CVE VULNERABILITY TITLE RISK
2021-10-11 CVE-2021-27664 Improper Privilege Management vulnerability in Johnsoncontrols Exacqvision web Service 20.06.3.0
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
6.8
2021-10-11 CVE-2021-27665 Integer Overflow or Wraparound vulnerability in Johnsoncontrols Exacqvision Server
An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.
network
low complexity
johnsoncontrols CWE-190
5.0
2021-09-15 CVE-2021-27662 Authentication Bypass by Capture-replay vulnerability in Johnsoncontrols Kantech Kt-1 Door Controller Firmware
The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets.
6.8
2021-08-30 CVE-2021-27663 Incorrect Authorization vulnerability in Johnsoncontrols Ac2000 Firmware
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization.
network
johnsoncontrols CWE-863
critical
9.3
2021-07-01 CVE-2021-27660 Improper Input Validation vulnerability in Johnsoncontrols C-Cure 9000 Firmware
An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs.
network
low complexity
johnsoncontrols CWE-20
6.5
2021-07-01 CVE-2021-27661 Incorrect Authorization vulnerability in Johnsoncontrols F4-Snc Firmware 11
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC.
network
low complexity
johnsoncontrols CWE-863
6.5
2021-06-24 CVE-2021-27658 Cross-site Scripting vulnerability in Johnsoncontrols Exacqvision Enterprise Manager 20.06.4.0/20.12
exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
3.5
2021-06-24 CVE-2021-27659 Cross-site Scripting vulnerability in Johnsoncontrols Exacqvision web Service 20.06.3.0/21.03
exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
4.3
2021-06-04 CVE-2021-27657 Improper Privilege Management vulnerability in Johnsoncontrols Metasys 11.0
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system.
network
low complexity
johnsoncontrols CWE-269
6.5
2021-03-18 CVE-2021-27656 Missing Authorization vulnerability in Johnsoncontrols Exacqvision web Service
A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.
network
low complexity
johnsoncontrols CWE-862
5.0