Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for CEM Systems AC2000 by Johnson Controls
CVE-2021-27663 (GCVE-0-2021-27663)
Vulnerability from cvelistv5 – Published: 2021-08-30 16:37 – Updated: 2024-09-17 03:38
VLAI
Title
CEM Systems AC2000
Summary
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.
Severity
8.2 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.johnsoncontrols.com/cyber-solutions/s… | x_refsource_CONFIRM |
| https://us-cert.gov/ics/advisories/ICSA-21-238-01 | third-party-advisoryx_refsource_CERT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | CEM Systems AC2000 |
Affected:
10.1 , ≤ 10.5
(custom)
|
Date Public
2021-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CEM Systems AC2000",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T16:37:41.000Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply a patch to all affected versions and implementations.\nThe fix will also be included in 10.5 Server Feature Pack 2, version 10.6 and all future releases.\nTo access the patch, affected users should contact their CEM support team:\nhttps://www.cemsys.com/support/technical-helpdesk/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CEM Systems AC2000",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@jci.com",
"DATE_PUBLIC": "2021-08-30T14:08:00.000Z",
"ID": "CVE-2021-27663",
"STATE": "PUBLIC",
"TITLE": "CEM Systems AC2000"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CEM Systems AC2000",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "10.1",
"version_value": "10.5"
}
]
}
}
]
},
"vendor_name": "Johnson Controls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"refsource": "CONFIRM",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"refsource": "CERT",
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Apply a patch to all affected versions and implementations.\nThe fix will also be included in 10.5 Server Feature Pack 2, version 10.6 and all future releases.\nTo access the patch, affected users should contact their CEM support team:\nhttps://www.cemsys.com/support/technical-helpdesk/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2021-27663",
"datePublished": "2021-08-30T16:37:41.273Z",
"dateReserved": "2021-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:38:42.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27663 (GCVE-0-2021-27663)
Vulnerability from nvd – Published: 2021-08-30 16:37 – Updated: 2024-09-17 03:38
VLAI
Title
CEM Systems AC2000
Summary
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.
Severity
8.2 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.johnsoncontrols.com/cyber-solutions/s… | x_refsource_CONFIRM |
| https://us-cert.gov/ics/advisories/ICSA-21-238-01 | third-party-advisoryx_refsource_CERT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | CEM Systems AC2000 |
Affected:
10.1 , ≤ 10.5
(custom)
|
Date Public
2021-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CEM Systems AC2000",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T16:37:41.000Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply a patch to all affected versions and implementations.\nThe fix will also be included in 10.5 Server Feature Pack 2, version 10.6 and all future releases.\nTo access the patch, affected users should contact their CEM support team:\nhttps://www.cemsys.com/support/technical-helpdesk/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CEM Systems AC2000",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@jci.com",
"DATE_PUBLIC": "2021-08-30T14:08:00.000Z",
"ID": "CVE-2021-27663",
"STATE": "PUBLIC",
"TITLE": "CEM Systems AC2000"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CEM Systems AC2000",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "10.1",
"version_value": "10.5"
}
]
}
}
]
},
"vendor_name": "Johnson Controls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"refsource": "CONFIRM",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"refsource": "CERT",
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Apply a patch to all affected versions and implementations.\nThe fix will also be included in 10.5 Server Feature Pack 2, version 10.6 and all future releases.\nTo access the patch, affected users should contact their CEM support team:\nhttps://www.cemsys.com/support/technical-helpdesk/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2021-27663",
"datePublished": "2021-08-30T16:37:41.273Z",
"dateReserved": "2021-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:38:42.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}