Severity
High
Analysis Summary
CVE-2022-21934
Johnson Controls Metasys could allow a remote authenticated attacker to bypass security restrictions, caused by an unspecified flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to lock other users out of the system and take over accounts.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-21934
Affected Vendors
- Johnson Controls
Affected Products
- Johnson Controls Metasys 10
- Johnson Controls Metasys 11
Remediation
Refer to Johnson Controls for patch, upgrade or suggested workaround information.