Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Johnson Controls — Vulnerabilities & Security Advisories 76

Browse all 76 CVE security advisories affecting Johnson Controls. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Johnson Controls:Frick Controls Quantum HDMetasys ADS/ADX/OAS serverexacqVisioniSTAR Configuration Utility (ICU)American Dynamics Illustra Essentials Gen 4MetasysIQ Panels2, 2+, IQHub, IQPanel 4, PowerGexacqVision Web ServiceSystem Configuration Tool (SCT)OpenBlue Enterprise Manager Data CollectorSoftware House C•CURE 9000iSTAR Ultra, iSTAR Ultra SEMetasys versions prior to 9.0TYCO Illustra Pro4 Fixed camerasKantech KT1 Door Controller, Rev01Software House C•CURE 9000 InstalleriSTAReX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra , iSTAR Ultra SEOpenBlue Workplace (formerly FM Systems)IQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerGMetasys NAE55/SNE/SNCQuantum HD Unity CompressorIQ Wifi 6iSTAR UltraC•CURE 9000exacqVision Enterprise ManagerKantech EntraPass Corporate EditionMetasys Application and Data Server (ADS, ADS-Lite)Software House C•CURE 9000 v2.70Kantech EntraPass Security Management Software Special Edition versions 8.22 and priorexacqVision Web Service versions 20.03.2.0 and prior
CVE IDTitleCVSSSeverityPublished
CVE-2021-27660 C-CURE 9000 — C-CURE 9000CWE-20 8.8 High2021-07-01
CVE-2021-27659 exacqVision Web Service CSS — exacqVision Web ServiceCWE-79 5.3 Medium2021-06-24
CVE-2021-27658 exacqVision Enterprise Manager CSS — exacqVision Enterprise ManagerCWE-79 4.3 Medium2021-06-24
CVE-2021-27657 Metasys Improper Privilege Management — MetasysCWE-269 8.8 High2021-06-04
CVE-2021-27656 exacqVision Web Services - Information Exposure — exacqVision Web Service version 20.12.2.0 and prior 5.3 Medium2021-03-18
CVE-2020-9050 Metasys Reporting Engine (MRE) Web Services - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') — Metasys Reporting Engine (MRE) Web Services versions 2.0 and 2.1 7.5 High2021-02-19
CVE-2020-9049 victor Web Client and C•CURE Web Client JSON Web Token (JWT) Vulnerability — victor Web Client version 5.6 and priorCWE-285 7.1 High2020-11-19
CVE-2020-9048 victor Web Client - Arbitrary File Deletion Vulnerability — victor Web Client version 5.4.1 and priorCWE-285 7.1 High2020-10-08
CVE-2020-9047 exacqVision Software - Improper Verification of Cryptographic Signature — exacqVision Web Service versions 20.03.2.0 and priorCWE-347 6.8 Medium2020-06-26
CVE-2020-9046 Kantech EntraPass Security Management Software - System Permissions Vulnerability — Kantech EntraPass Security Management Software Special Edition versions 8.22 and priorCWE-284 8.8 High2020-05-26
CVE-2020-9045 C•CURE 9000 and victor Video Management System - Cleartext storage of user credentials upon installation or upgrade of software. — Software House C•CURE 9000 v2.70CWE-312 9.9 Critical2020-05-21
CVE-2019-7589 Kantech EntraPass Improper Input Validation — Kantech EntraPass Corporate EditionCWE-20 9.8 Critical2020-03-10
CVE-2020-9044 Metasys Improper Restriction of XML External Entity Reference — Metasys Application and Data Server (ADS, ADS-Lite)CWE-611 7.5 High2020-03-10
CVE-2019-7594 Metasys use of hardcoded RC2 key — Metasys versions prior to 9.0CWE-321 9.1 -2019-08-20
CVE-2019-7593 Metasys use of shared RSA key pairs — Metasys versions prior to 9.0CWE-323 7.5 -2019-08-20
CVE-2018-10624 Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information — Metasys SystemCWE-209 6.5 -2018-08-01

This page lists every published CVE security advisory associated with Johnson Controls. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.