The NCCIC has published an advisory on path traversal and improper authentication vulnerabilities in Johnson Controls Facility Explorer. Versions 14.x prior to 14.4u1 and 6.x prior to 6.6 are affected. Successful exploitation of these vulnerabilities could allow an attacker to read, write, and delete sensitive files to gain administrator privileges in the Facility Explorer system. Johnson Controls has mitigated these vulnerabilities in the updated versions, which the NCCIC recommends users upgrade to. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.
You are here
Related Resources
Jan 23, 2025 in Cybersecurity, in OT-ICS Security, in Federal & State Resources
Jan 23, 2025 in Cybersecurity, in Security Preparedness
Vulnerability Awareness – Joint Advisory on Ivanti Exploit Chains by Suspected Chinese Threat Actors
Jan 23, 2025 in Cybersecurity, in Federal & State Resources, in Security Preparedness
