The NCCIC has published an advisory on an improper authorization vulnerability in Johnson Controls exacqVision Enterprise System Manager. Versions 5.12.2 and prior are affected. Successful exploitation of this vulnerability could allow malicious code execution. Johnson Controls recommends upgrading to the latest product, version 19.03. The NCCIC also advises of a series of mitigating measures for these vulnerabilities. Read the advisory at NCCIC/ICS-CERT.