[Control systems] Johnson Controls security advisory (AV23-022)

Number: AV23-022
Date: January 12, 2023

On 12 January 2023, ICS-CERT published an ICS Advisory to address a vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in the following products:

  • Metasys ADS/ADX/OAS Version 10.X – versions prior to 10.1.6
  • Metasys ADS/ADX/OAS Version 11.X – versions prior to 11.0.3

Exploitation of this vulnerability could result in information disclosure.

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

Date modified: