Search criteria
2 vulnerabilities found for CEM Systems AC2000 by Johnson Controls
CVE-2021-27663 (GCVE-0-2021-27663)
Vulnerability from cvelistv5 – Published: 2021-08-30 16:37 – Updated: 2024-09-17 03:38
VLAI?
Title
CEM Systems AC2000
Summary
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.
Severity ?
8.2 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Johnson Controls | CEM Systems AC2000 |
Affected:
10.1 , ≤ 10.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CEM Systems AC2000",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T16:37:41",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply a patch to all affected versions and implementations.\nThe fix will also be included in 10.5 Server Feature Pack 2, version 10.6 and all future releases.\nTo access the patch, affected users should contact their CEM support team:\nhttps://www.cemsys.com/support/technical-helpdesk/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CEM Systems AC2000",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@jci.com",
"DATE_PUBLIC": "2021-08-30T14:08:00.000Z",
"ID": "CVE-2021-27663",
"STATE": "PUBLIC",
"TITLE": "CEM Systems AC2000"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CEM Systems AC2000",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "10.1",
"version_value": "10.5"
}
]
}
}
]
},
"vendor_name": "Johnson Controls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"refsource": "CONFIRM",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"refsource": "CERT",
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Apply a patch to all affected versions and implementations.\nThe fix will also be included in 10.5 Server Feature Pack 2, version 10.6 and all future releases.\nTo access the patch, affected users should contact their CEM support team:\nhttps://www.cemsys.com/support/technical-helpdesk/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2021-27663",
"datePublished": "2021-08-30T16:37:41.273754Z",
"dateReserved": "2021-02-24T00:00:00",
"dateUpdated": "2024-09-17T03:38:42.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27663 (GCVE-0-2021-27663)
Vulnerability from nvd – Published: 2021-08-30 16:37 – Updated: 2024-09-17 03:38
VLAI?
Title
CEM Systems AC2000
Summary
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.
Severity ?
8.2 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Johnson Controls | CEM Systems AC2000 |
Affected:
10.1 , ≤ 10.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CEM Systems AC2000",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T16:37:41",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply a patch to all affected versions and implementations.\nThe fix will also be included in 10.5 Server Feature Pack 2, version 10.6 and all future releases.\nTo access the patch, affected users should contact their CEM support team:\nhttps://www.cemsys.com/support/technical-helpdesk/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CEM Systems AC2000",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@jci.com",
"DATE_PUBLIC": "2021-08-30T14:08:00.000Z",
"ID": "CVE-2021-27663",
"STATE": "PUBLIC",
"TITLE": "CEM Systems AC2000"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CEM Systems AC2000",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "10.1",
"version_value": "10.5"
}
]
}
}
]
},
"vendor_name": "Johnson Controls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"refsource": "CONFIRM",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"refsource": "CERT",
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Apply a patch to all affected versions and implementations.\nThe fix will also be included in 10.5 Server Feature Pack 2, version 10.6 and all future releases.\nTo access the patch, affected users should contact their CEM support team:\nhttps://www.cemsys.com/support/technical-helpdesk/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2021-27663",
"datePublished": "2021-08-30T16:37:41.273754Z",
"dateReserved": "2021-02-24T00:00:00",
"dateUpdated": "2024-09-17T03:38:42.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}