Vulnerability identifier: #VU56219
Vulnerability risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-1104
Exploitation vector: Network
Exploit availability: No
Vulnerable software: KT-1 (Hardware solutions / Other hardware appliances)
Vendor: Johnson Controls
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the affected product relies on Microsoft Windows CE 6.0, which is no longer supported.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
KT-1: 2.09.02
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-243-01
http://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2021/psa_jci-psa-2021-12_kt-1.pdf?la=en&hash=1E765BBFC7C99A789451AE06EF2ED36FCDF71907
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.