Severity

High

Analysis Summary

CVE-2021-3156 

The affected product has an off-by-one error vulnerability, which may allow an attacker to achieve “super user” access on the operating system.

Impact

• Unauthorized Access

Affected Vendors

• Johnson Controls

Affected Products

• CEM Systems AC2000: All versions prior to Version 10.6

Remediation

Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.