Rewterz Threat Advisory –ICS: Johnson Controls OpenBlue Enterprise Manager Data Collector Vulnerabilities

Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities

May 22, 2023

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC WS Series Vulnerability

May 22, 2023

Rewterz Threat Advisory –ICS: Johnson Controls OpenBlue Enterprise Manager Data Collector Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-2024 CVSS:10

Johnson Controls OpenBlue Enterprise Manager Data Collector could allow a remote attacker to bypass security restrictions, caused by improper authentication validation by the API calls. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.

CVE-2023-2025 CVSS:5

Johnson Controls OpenBlue Enterprise Manager Data Collector could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation by the API calls. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

Impact

Security Bypass
Information Disclosure

Indicators Of Compromise

CVE

CVE-2023-2024
CVE-2023-2025

Affected Vendors

Johnson Controls

Affected Products

Johnson Controls OpenBlue Enterprise Manager Data Collector 3.2.5

Remediation

Refer to Johnson Controls Security Advisory for patch, upgrade or suggested workaround information.

Johnson Controls Security Advisory

Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC WS Series Vulnerability

Rewterz Threat Advisory –ICS: Johnson Controls OpenBlue Enterprise Manager Data Collector Vulnerabilities

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan