Use of Unmaintained Third Party Components in Sensormatic Electronics KT-1



Published: 2021-09-01
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-1104
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
KT-1
Hardware solutions / Other hardware appliances

Vendor Johnson Controls

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Use of Unmaintained Third Party Components

EUVDB-ID: #VU56219

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-1104 - Use of Unmaintained Third Party Components

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected product relies on Microsoft Windows CE 6.0 that is no longer supported.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

KT-1: 2.09.02

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-243-01
http://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2021/psa_jci-psa-2021-12_kt-1.pdf?la=en&hash=1E765BBFC7C99A789451AE06EF2ED36FCDF71907


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###