July 2, 2020

CISA has updated this advisory with additional details on affected products and mitigation measures. Read the advisory at CISA.

June 18, 2020

CISA has published an advisory on an improper verification of cryptographic signature vulnerability in Johnson Controls exacqVision. All versions up to and including v20.03.2.0 are affected. Successful exploitation of this vulnerability could allow an attacker with administrative privileges to potentially download and run a malicious executable that could allow the execution of operating system commands on the system. Johnson Controls recommends a series of mitigations. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.