Johnson Controls, Inc. has an update available to address a dependency on a vulnerable third-party component in its Illustra Pro Gen 4 camera, according to a report with CISA.

Successful exploitation of this remotely exploitable vulnerability, which Johnson Controls self-reported, could impact confidentiality and integrity of the device.

Johnson Controls reports the issue affects the following versions: Illustra Pro Gen 4 Camera, version SS016.05.03.01.0010 and prior.

Under certain circumstances, the camera may be susceptible to known vulnerabilities associated with the third-party component jQuery in versions prior to 3.5.0.

CVE-2024-32753 is the case number for this vulnerability, which has a CVSS v3.1 base score of 6.9. There is also a CVSS v4 base score of 7.0.

The product sees use mainly in the critical manufacturing sector, and on a global basis.

No known exploit targets this vulnerability. This vulnerability has a high attack complexity.

Johnson Controls recommends users update the Illustra Pro Gen 4 camera to version SS016.24.03.00.0007. For more detailed mitigation instructions, see Johnson Controls Product Security Advisory JCI-PSA-2024-05 v1.

Aligning with CISA recommendations, Johnson Controls recommends taking steps to minimize risks to all building automation systems.

ISSSource
