Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | N/A |
CWE-ID | CWE-1104 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
KT-1 Hardware solutions / Other hardware appliances |
Vendor | Johnson Controls |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU56219
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-1104 - Use of Unmaintained Third Party Components
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected product relies on Microsoft Windows CE 6.0 that is no longer supported.
MitigationInstall updates from vendor's website.
Vulnerable software versionsKT-1: 2.09.02
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-21-243-01
http://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2021/psa_jci-psa-2021-12_kt-1.pdf?la=en&hash=1E765BBFC7C99A789451AE06EF2ED36FCDF71907
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.