Johnson Controls Kantech Door Controllers contain an exposure of sensitive information to an unauthorized actor vulnerability that can allow an attacker to gain access to sensitive information.

Sources: CISA, Johnson Controls

mySCADA myPRO contains a use of hard-coded password vulnerability that can allow an attacker to remotely execute code on the affected device.

Sources: CISA, mySCADA

ICONICS and Mitsubishi Electric products contains uncontrolled search path element, improper authentication, unsafe reflection and more vulnerabilities that can result in denial of service, improper privilege management or potentially remote code execution.

Sources: CISA, ICONICS

Johnson Controls Illustra Essentials Gen 4 (Update A) contains an improper input validation vulnerability that can allow an attacker to inject commands.

Sources: CISA, Johnson Controls

Johnson Controls Illustra Essentials Gen 4 (Update A) contains a storing passwords in a recoverable format vulnerability that can allow an authenticated user to recover credentials for other Linux users.

Sources: CISA , Johnson Controls

Johnson Controls Illustra Essentials Gen 4 (Update A) contains an insertion of sensitive information into log file vulnerability that can allow an attacker to gain access to Linux user credentials.

Sources: CISA, Johnson Controls

Johnson Controls Illustra Essentials Gen 4 (Update A) contains a storing passwords in a recoverable format vulnerability that can allow a web interface user's credentials to be recovered by an authenticated user.

Sources: CISA, Johnson Controls