Vulnerability Description
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Johnsoncontrols | Ac2000 Firmware | >= 10.1, <= 10.5 |
| Johnsoncontrols | Ac2000 | - |
Related Weaknesses (CWE)
References
- https://us-cert.gov/ics/advisories/ICSA-21-238-01Third Party AdvisoryUS Government Resource
- https://www.johnsoncontrols.com/cyber-solutions/security-advisoriesVendor Advisory
- https://us-cert.gov/ics/advisories/ICSA-21-238-01Third Party AdvisoryUS Government Resource
- https://www.johnsoncontrols.com/cyber-solutions/security-advisoriesVendor Advisory
FAQ
What is CVE-2021-27663?
CVE-2021-27663 is a vulnerability with a CVSS score of 8.2 (HIGH). A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Contro...
How severe is CVE-2021-27663?
CVE-2021-27663 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27663?
Check the references section above for vendor advisories and patch information. Affected products include: Johnsoncontrols Ac2000 Firmware, Johnsoncontrols Ac2000.