[Control systems] Johnson Controls security advisory (AV22-185)

Number: AV22-185
Date: 6 April 2022

On 5 April 2022 ICS-CERT published an ICS Advisory to highlight a vulnerability in the following product:

  • Metasys ADS/ADX/OAS – versions 10 and 11

Exploitation of this vulnerability could result in server-side request forgery (SSRF).

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

ICS Advisory (ICSA-22-095-02)

Report a problem on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: