Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Johnson Controls — Vulnerabilities & Security Advisories 76

Browse all 76 CVE security advisories affecting Johnson Controls. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Johnson Controls operates as a global leader in building technologies, providing integrated solutions for heating, ventilation, air conditioning, and security systems. With 76 recorded Common Vulnerabilities and Exposures (CVEs), the company’s software ecosystem has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from legacy components within its building management platforms, exposing critical infrastructure to potential unauthorized access or data exfiltration. While no single catastrophic public breach has defined its recent history, the sheer volume of disclosed CVEs highlights systemic challenges in securing interconnected industrial control systems. Security researchers frequently identify these weaknesses as entry points for lateral movement within enterprise networks. Consequently, maintaining rigorous patch management and network segmentation remains essential for mitigating risks associated with Johnson Controls’ extensive hardware and software footprint in commercial and industrial environments.

Found 4 results / 76Clear Filters
Top products by Johnson Controls: Frick Controls Quantum HD Metasys ADS/ADX/OAS server exacqVision iSTAR Configuration Utility (ICU) American Dynamics Illustra Essentials Gen 4 Metasys IQ Panels2, 2+, IQHub, IQPanel 4, PowerG exacqVision Web Service System Configuration Tool (SCT) OpenBlue Enterprise Manager Data Collector Software House C•CURE 9000 iSTAR Ultra, iSTAR Ultra SE Metasys versions prior to 9.0 TYCO Illustra Pro4 Fixed cameras Kantech KT1 Door Controller, Rev01 Software House C•CURE 9000 Installer iSTAReX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra , iSTAR Ultra SE OpenBlue Workplace (formerly FM Systems) IQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerG Metasys NAE55/SNE/SNC Quantum HD Unity Compressor IQ Wifi 6 iSTAR Ultra C•CURE 9000 exacqVision Enterprise Manager Kantech EntraPass Corporate Edition Metasys Application and Data Server (ADS, ADS-Lite) Software House C•CURE 9000 v2.70 Kantech EntraPass Security Management Software Special Edition versions 8.22 and prior exacqVision Web Service versions 20.03.2.0 and prior
CVE IDTitleCVSSSeverityPublished
CVE-2025-26385 Metasys product command injection vulnerability could allow remote SQL execution — MetasysCWE-77 9.8AICriticalAI2026-01-30
CVE-2021-36205 Metasys session token — MetasysCWE-459 8.1 High2022-04-15
CVE-2021-36202 Metasys UI — MetasysCWE-918 8.4 High2022-04-07
CVE-2021-27657 Metasys Improper Privilege Management — MetasysCWE-269 8.8 High2021-06-04

This page lists every published CVE security advisory associated with Johnson Controls. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.