Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Johnson Controls — Vulnerabilities & Security Advisories 76

Browse all 76 CVE security advisories affecting Johnson Controls. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Johnson Controls:Frick Controls Quantum HDMetasys ADS/ADX/OAS serverexacqVisioniSTAR Configuration Utility (ICU)American Dynamics Illustra Essentials Gen 4MetasysIQ Panels2, 2+, IQHub, IQPanel 4, PowerGexacqVision Web ServiceSystem Configuration Tool (SCT)OpenBlue Enterprise Manager Data CollectorSoftware House C•CURE 9000iSTAR Ultra, iSTAR Ultra SEMetasys versions prior to 9.0TYCO Illustra Pro4 Fixed camerasKantech KT1 Door Controller, Rev01Software House C•CURE 9000 InstalleriSTAReX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra , iSTAR Ultra SEOpenBlue Workplace (formerly FM Systems)IQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerGMetasys NAE55/SNE/SNCQuantum HD Unity CompressorIQ Wifi 6iSTAR UltraC•CURE 9000exacqVision Enterprise ManagerKantech EntraPass Corporate EditionMetasys Application and Data Server (ADS, ADS-Lite)Software House C•CURE 9000 v2.70Kantech EntraPass Security Management Software Special Edition versions 8.22 and priorexacqVision Web Service versions 20.03.2.0 and prior
CVE IDTitleCVSSSeverityPublished
CVE-2024-32756 American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - Linux — American Dynamics Illustra Essentials Gen 4CWE-257 6.8 Medium2024-07-02
CVE-2024-32755 American Dynamics Illustra Essentials Gen 4 - Log Filter Input Validation — American Dynamics Illustra Essentials Gen 4CWE-20 9.1 Critical2024-07-02
CVE-2024-32752 Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool — iSTAR Configuration Utility (ICU)CWE-306 8.1AIHighAI2024-06-06
CVE-2024-0912 CCURE passwords exposed to administrators — Software House C•CURE 9000CWE-532 7.5AIHighAI2024-06-05
CVE-2023-4486 Uncontrolled Resource Consumption in Metasys and Facility Explorer — Metasys NAE55/SNE/SNCCWE-400 7.5 High2023-12-07
CVE-2023-4804 Quantum HD Unity — Quantum HD Unity CompressorCWE-489 10.0 Critical2023-11-10
CVE-2023-3548 IQ Wifi 6 — IQ Wifi 6CWE-307 8.3 High2023-07-25
CVE-2023-2025 Exposure of Sensitive Information in OpenBlue Enterprise Manager Data Collector — OpenBlue Enterprise Manager Data CollectorCWE-200 5.0 Medium2023-05-18
CVE-2023-2024 Improper Authentication for OpenBlue Enterprise Manager Data Collector — OpenBlue Enterprise Manager Data CollectorCWE-287 10.0 Critical2023-05-18
CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT) — System Configuration Tool (SCT)CWE-614 7.5 High2023-02-09
CVE-2022-21939 Sensitive cookie without 'HttpOnly' flag in System Configuration Tool (SCT) — System Configuration Tool (SCT)CWE-1004 7.5 High2023-02-09
CVE-2021-36204 Insufficiently Protected Credentials in Metasys — Metasys ADS/ADX/OASCWE-522 7.8 High2023-01-13
CVE-2021-36206 CEVAS — CEVASCWE-79 10.0 Critical2022-10-28
CVE-2021-36201 CCURE Observable Response Discrepancy — C•CURE 9000CWE-204 4.3 Medium2022-10-11
CVE-2022-21941 iSTAR Ultra — iSTAR UltraCWE-77 10.0 Critical2022-08-31
CVE-2021-36200 Metasys ADS/ADX/OAS with MUI — Metasys ADS/ADX/OAS serverCWE-306 5.3 Medium2022-07-22
CVE-2022-21938 Metasys MUI Graphics XSS — Metasys ADS/ADX/OAS serverCWE-79 8.1 High2022-06-15
CVE-2022-21935 Metasys password guessing — Metasys ADS/ADX/OAS serverCWE-620 7.5 High2022-06-15
CVE-2022-21937 Metasys CSS — Metasys ADS/ADX/OAS serverCWE-79 8.7 High2022-06-15
CVE-2022-21934 Metasys Unverified Password Change — Metasys ADS/ADX/OAS serverCWE-620 8.0 High2022-05-06
CVE-2021-36207 Metasys privilege management — Metasys ADS/ADX/OAS serverCWE-269 8.8 High2022-04-29
CVE-2021-36205 Metasys session token — MetasysCWE-459 8.1 High2022-04-15
CVE-2021-36202 Metasys UI — MetasysCWE-918 8.4 High2022-04-07
CVE-2021-36199 VideoEdge — VideoEdgeCWE-228 5.3 Medium2022-01-14
CVE-2021-36198 Entrapass — EntrapassCWE-200 8.3 High2021-12-06
CVE-2021-27665 exacqVision Server 32-bit — exacqVision Web ServiceCWE-190 7.5 High2021-10-11
CVE-2021-27664 exacqVision Web Service — exacqVision Web ServiceCWE-269 9.8 Critical2021-10-11
CVE-2021-27662 KT-1 Capture-replay — KT-1CWE-294 8.6 High2021-09-15
CVE-2021-27663 CEM Systems AC2000 — CEM Systems AC2000CWE-285 8.2 High2021-08-30
CVE-2021-27661 Facility Explorer — Facility Explorer SNC Series Supervisory Controllers (F4-SNC)CWE-269 8.8 High2021-07-01

This page lists every published CVE security advisory associated with Johnson Controls. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.