[Control systems] Johnson Controls Inc. security advisory (AV22-556)

Number: AV22-556
Date: 5 October 2022

On 4 October 2022 ICS-CERT published an ICS Advisory to highlight a vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in the following product:

• Metasys ADX Server – version 12.0 running MVE

Exploitation of this vulnerability could result in authentication AuthenticationA process or measure used to verify a users identity. bypass.

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

• ICS Advisory (ICSA-22-277-01)